linux-yocto/5.0: add apparmor fragments

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2019-04-01 08:00:33 -0700
committer: Armin Kuster <akuster808@gmail.com> 2019-04-01 19:21:21 -0700
commit: cb6d1c85ee723f2b1c869ec3231e3796bbe40b8a (patch)
tree: 8370b915952cd0e20b6df0ba2d4b043e4f5970b8
parent: cb412637a2373b7e015cd5f5ef543df3d90c9ab4 (diff)
download: meta-security-cb6d1c85ee723f2b1c869ec3231e3796bbe40b8a.tar.gz
5 files changed, 37 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg b/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg
new file mode 100644
index 0000000..b5f9bb2
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg
@@ -0,0 +1,15 @@
+CONFIG_AUDIT=y
+# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_SECURITY_NETWORK=y
+# CONFIG_SECURITY_NETWORK_XFRM is not set
+CONFIG_SECURITY_PATH=y
+# CONFIG_SECURITY_SELINUX is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+# CONFIG_SECURITY_APPARMOR_DEBUG is not set
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_DEFAULT_SECURITY_APPARMOR=y
+# CONFIG_DEFAULT_SECURITY_DAC is not set
+CONFIG_DEFAULT_SECURITY="apparmor"
+CONFIG_AUDIT_GENERIC=y
diff --git a/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg b/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg
new file mode 100644
index 0000000..fc35740
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg
@@ -0,0 +1 @@
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
diff --git a/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg b/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg
new file mode 100644
index 0000000..b5c4845
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg
@@ -0,0 +1,2 @@
+CONFIG_DEFAULT_SECURITY="smack"
+CONFIG_DEFAULT_SECURITY_SMACK=y
diff --git a/recipes-kernel/linux/linux-yocto-5.0/smack.cfg b/recipes-kernel/linux/linux-yocto-5.0/smack.cfg
new file mode 100644
index 0000000..62f465a
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-5.0/smack.cfg
@@ -0,0 +1,8 @@
+CONFIG_IP_NF_SECURITY=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT3_FS_SECURITY=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_SMACK=y
+CONFIG_TMPFS_XATTR=y
diff --git a/recipes-kernel/linux/linux-yocto_5.0.%.bbappend b/recipes-kernel/linux/linux-yocto_5.0.%.bbappend
new file mode 100644
index 0000000..f810e21
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_5.0.%.bbappend
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-5.0:"
+SRC_URI += "\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor_on_boot.cfg', '', d)} \
+"
+SRC_URI += "\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \
+"
author	Armin Kuster <akuster808@gmail.com>	2019-04-01 08:00:33 -0700
committer	Armin Kuster <akuster808@gmail.com>	2019-04-01 19:21:21 -0700
commit	cb6d1c85ee723f2b1c869ec3231e3796bbe40b8a (patch)
tree	8370b915952cd0e20b6df0ba2d4b043e4f5970b8
parent	cb412637a2373b7e015cd5f5ef543df3d90c9ab4 (diff)
download	meta-security-cb6d1c85ee723f2b1c869ec3231e3796bbe40b8a.tar.gz

diff --git a/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg b/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg new file mode 100644 index 0000000..b5f9bb2 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg
@@ -0,0 +1,15 @@
	1	CONFIG_AUDIT=y
	2	# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
	3	CONFIG_SECURITY_NETWORK=y
	4	# CONFIG_SECURITY_NETWORK_XFRM is not set
	5	CONFIG_SECURITY_PATH=y
	6	# CONFIG_SECURITY_SELINUX is not set
	7	CONFIG_SECURITY_APPARMOR=y
	8	CONFIG_SECURITY_APPARMOR_HASH=y
	9	CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
	10	# CONFIG_SECURITY_APPARMOR_DEBUG is not set
	11	CONFIG_INTEGRITY_AUDIT=y
	12	CONFIG_DEFAULT_SECURITY_APPARMOR=y
	13	# CONFIG_DEFAULT_SECURITY_DAC is not set
	14	CONFIG_DEFAULT_SECURITY="apparmor"
	15	CONFIG_AUDIT_GENERIC=y


diff --git a/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg b/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg new file mode 100644 index 0000000..fc35740 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg
@@ -0,0 +1 @@
		CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1


diff --git a/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg b/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg new file mode 100644 index 0000000..b5c4845 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg
@@ -0,0 +1,2 @@
	1	CONFIG_DEFAULT_SECURITY="smack"
	2	CONFIG_DEFAULT_SECURITY_SMACK=y


diff --git a/recipes-kernel/linux/linux-yocto-5.0/smack.cfg b/recipes-kernel/linux/linux-yocto-5.0/smack.cfg new file mode 100644 index 0000000..62f465a --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-5.0/smack.cfg
@@ -0,0 +1,8 @@
	1	CONFIG_IP_NF_SECURITY=m
	2	CONFIG_IP6_NF_SECURITY=m
	3	CONFIG_EXT2_FS_SECURITY=y
	4	CONFIG_EXT3_FS_SECURITY=y
	5	CONFIG_EXT4_FS_SECURITY=y
	6	CONFIG_SECURITY=y
	7	CONFIG_SECURITY_SMACK=y
	8	CONFIG_TMPFS_XATTR=y


diff --git a/recipes-kernel/linux/linux-yocto_5.0.%.bbappend b/recipes-kernel/linux/linux-yocto_5.0.%.bbappend new file mode 100644 index 0000000..f810e21 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_5.0.%.bbappend
@@ -0,0 +1,11 @@
	1	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-5.0:"
	2
	3	SRC_URI += "\
	4	${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
	5	${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor_on_boot.cfg', '', d)} \
	6	"
	7
	8	SRC_URI += "\
	9	${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \
	10	${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \
	11	"