linux-yocto: Enable SE Linux support

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
author: Mark Hatle <mark.hatle@windriver.com> 2012-01-31 13:59:50 -0600
committer: Mark Hatle <mark.hatle@windriver.com> 2012-01-31 13:59:50 -0600
commit: efda6dc804e92da06994474efa305ad212add700 (patch)
tree: 9c73d912b72bd34b9fd69d5c6c61854397ef5dcd
parent: f1c357ffe4722217f507a9d90f8dffaa6585f98a (diff)
download: meta-selinux-efda6dc804e92da06994474efa305ad212add700.tar.gz
2 files changed, 30 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-yocto/selinux.cfg b/recipes-kernel/linux/linux-yocto/selinux.cfg
new file mode 100644
index 0000000..20dd189
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto/selinux.cfg
@@ -0,0 +1,26 @@
+..........................................................................                                                                         
+.                                WARNING
+.                                      
+. This file is a kernel configuration fragment, and not a full kernel
+. configuration file.  The final kernel configuration is made up of 
+. an assembly of processed fragments, each of which is designed to 
+. capture a specific part of the final configuration (e.g. platform
+. configuration, feature configuration, and board specific hardware
+. configuration).  For more information on kernel configuration, please 
+. consult the product documentation.                                   
+.                                                                     
+..........................................................................                                                                                      
+CONFIG_AUDIT=y
+CONFIG_NETWORK_SECMARK=y
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT3_FS_SECURITY=y
+CONFIG_REISERFS_FS_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_AUDIT_GENERIC=y
diff --git a/recipes-kernel/linux/linux-yocto_3.0.bbappend b/recipes-kernel/linux/linux-yocto_3.0.bbappend
new file mode 100644
index 0000000..3514b3d
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_3.0.bbappend
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+# Enable selinux support in the kernel if the feature is enabled
+SRC_URI += "${@base_contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"
author	Mark Hatle <mark.hatle@windriver.com>	2012-01-31 13:59:50 -0600
committer	Mark Hatle <mark.hatle@windriver.com>	2012-01-31 13:59:50 -0600
commit	efda6dc804e92da06994474efa305ad212add700 (patch)
tree	9c73d912b72bd34b9fd69d5c6c61854397ef5dcd
parent	f1c357ffe4722217f507a9d90f8dffaa6585f98a (diff)
download	meta-selinux-efda6dc804e92da06994474efa305ad212add700.tar.gz

diff --git a/recipes-kernel/linux/linux-yocto/selinux.cfg b/recipes-kernel/linux/linux-yocto/selinux.cfg new file mode 100644 index 0000000..20dd189 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto/selinux.cfg
@@ -0,0 +1,26 @@
	1	..........................................................................
	2	. WARNING
	3	.
	4	. This file is a kernel configuration fragment, and not a full kernel
	5	. configuration file. The final kernel configuration is made up of
	6	. an assembly of processed fragments, each of which is designed to
	7	. capture a specific part of the final configuration (e.g. platform
	8	. configuration, feature configuration, and board specific hardware
	9	. configuration). For more information on kernel configuration, please
	10	. consult the product documentation.
	11	.
	12	..........................................................................
	13	CONFIG_AUDIT=y
	14	CONFIG_NETWORK_SECMARK=y
	15	CONFIG_EXT2_FS_SECURITY=y
	16	CONFIG_EXT3_FS_SECURITY=y
	17	CONFIG_REISERFS_FS_SECURITY=y
	18	CONFIG_SECURITY_NETWORK=y
	19	CONFIG_SECURITY_SELINUX=y
	20	CONFIG_SECURITY_SELINUX_BOOTPARAM=y
	21	CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
	22	CONFIG_SECURITY_SELINUX_DISABLE=y
	23	CONFIG_SECURITY_SELINUX_DEVELOP=y
	24	CONFIG_SECURITY_SELINUX_AVC_STATS=y
	25	CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
	26	CONFIG_AUDIT_GENERIC=y


diff --git a/recipes-kernel/linux/linux-yocto_3.0.bbappend b/recipes-kernel/linux/linux-yocto_3.0.bbappend new file mode 100644 index 0000000..3514b3d --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_3.0.bbappend
@@ -0,0 +1,4 @@
	1	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
	2
	3	# Enable selinux support in the kernel if the feature is enabled
	4	SRC_URI += "${@base_contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"