From efda6dc804e92da06994474efa305ad212add700 Mon Sep 17 00:00:00 2001
From: Mark Hatle
Date: Tue, 31 Jan 2012 13:59:50 -0600
Subject: linux-yocto: Enable SE Linux support

Signed-off-by: Mark Hatle
---
 recipes-kernel/linux/linux-yocto/selinux.cfg | 26 ++++++++++++++++++++++++++
 recipes-kernel/linux/linux-yocto_3.0.bbappend | 4 ++++
 2 files changed, 30 insertions(+)
 create mode 100644 recipes-kernel/linux/linux-yocto/selinux.cfg
 create mode 100644 recipes-kernel/linux/linux-yocto_3.0.bbappend

diff --git a/recipes-kernel/linux/linux-yocto/selinux.cfg b/recipes-kernel/linux/linux-yocto/selinux.cfg
new file mode 100644
index 0000000..20dd189
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto/selinux.cfg
@@ -0,0 +1,26 @@
+..........................................................................
+. WARNING
+.
+. This file is a kernel configuration fragment, and not a full kernel
+. configuration file. The final kernel configuration is made up of
+. an assembly of processed fragments, each of which is designed to
+. capture a specific part of the final configuration (e.g. platform
+. configuration, feature configuration, and board specific hardware
+. configuration). For more information on kernel configuration, please
+. consult the product documentation.
+.
+..........................................................................
+CONFIG_AUDIT=y
+CONFIG_NETWORK_SECMARK=y
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT3_FS_SECURITY=y
+CONFIG_REISERFS_FS_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_AUDIT_GENERIC=y
diff --git a/recipes-kernel/linux/linux-yocto_3.0.bbappend b/recipes-kernel/linux/linux-yocto_3.0.bbappend
new file mode 100644
index 0000000..3514b3d
--- /dev/null
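Review bot: `CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0` near the end of the fragment makes a kernel built with this feature boot with SELinux off unless `selinux=1` is passed on the kernel command line, so putting 'selinux' in DISTRO_FEATURES does not by itself give a kernel that loads or enforces policy. If on-by-default is the intent, use `CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1`, and for hardened images consider `# CONFIG_SECURITY_SELINUX_DISABLE is not set`, since that option lets SELinux be switched off at runtime before policy load. `CONFIG_SECURITY_SELINUX_DEVELOP=y` keeps permissive mode available, which is reasonable for bring-up but deserves a comment saying so. The fragment enables security xattrs for ext2, ext3 and reiserfs only; images on ext4 would presumably also need `CONFIG_EXT4_FS_SECURITY=y` for file labels, and `CONFIG_SECURITY=y` is assumed to come from the base configuration rather than from this fragment.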
+++ b/recipes-kernel/linux/linux-yocto_3.0.bbappend
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+# Enable selinux support in the kernel if the feature is enabled
+SRC_URI += "${@base_contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"
-- 
cgit v1.2.3-54-g00ecf
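Review bot: The comment above `SRC_URI` promises SELinux support in the kernel whenever the feature is enabled, but this append is named for linux-yocto 3.0 only. A build that selects a different kernel recipe or version with 'selinux' in DISTRO_FEATURES would presumably end up with SELinux userspace on a kernel that lacks it, with no warning. I would state that limit next to the existing comment, e.g. `# Applies to linux-yocto 3.0 only; other kernel recipes need their own append.`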