* [meta-security][PATCH 1/3] libseccomp: update to 2.3.2
@ 2017-04-03  2:20 Armin Kuster
  2017-04-03  2:20 ` [meta-security][PATCH 2/3] linux-yocto: add 4.10 kernel support Armin Kuster
  2017-04-03  2:20 ` [meta-security][PATCH 3/3] apparmor: update to 2.11.0 plus ptest Armin Kuster
  0 siblings, 2 replies; 3+ messages in thread
From: Armin Kuster @ 2017-04-03  2:20 UTC (permalink / raw)
  To: akuster, yocto

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-security/libseccomp/libseccomp.bb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-security/libseccomp/libseccomp.bb b/recipes-security/libseccomp/libseccomp.bb
index 97283d4..7b9e0e5 100644
--- a/recipes-security/libseccomp/libseccomp.bb
+++ b/recipes-security/libseccomp/libseccomp.bb
@@ -4,11 +4,11 @@ SECTION = "security"
 LICENSE = "LGPL-2.1"
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
 
-SRCREV = "ce5aea6a4ae7523b57ec13e2e6150aa5d83c1b4e"
+SRCREV = "2331d104bc0cbde5f6c54e504a038e52bfe8e12d"
 
-PV = "2.3.1+git${SRCPV}"
+PV = "2.3.2+git${SRCPV}"
 
-SRC_URI = "git://github.com/seccomp/libseccomp.git \
+SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.3 \
            file://run-ptest \
 "
 
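Review bot: The new SRC_URI line still fetches over git://, which is unauthenticated and unencrypted, so the SRCREV pin is the only thing protecting this download. Consider adding ";protocol=https" alongside the new ";branch=release-2.3". The commit log would also benefit from a sentence on what 2.3.2 brings, since this is a security library.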
-- 
2.7.4




* [meta-security][PATCH 2/3] linux-yocto: add 4.10 kernel support
  2017-04-03  2:20 [meta-security][PATCH 1/3] libseccomp: update to 2.3.2 Armin Kuster
@ 2017-04-03  2:20 ` Armin Kuster
  2017-04-03  2:20 ` [meta-security][PATCH 3/3] apparmor: update to 2.11.0 plus ptest Armin Kuster
  1 sibling, 0 replies; 3+ messages in thread
From: Armin Kuster @ 2017-04-03  2:20 UTC (permalink / raw)
  To: akuster, yocto

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg          | 13 +++++++++++++
 recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg |  2 ++
 recipes-kernel/linux/linux-yocto-4.10/smack.cfg             |  8 ++++++++
 recipes-kernel/linux/linux-yocto_4.10.bbappend              | 13 +++++++++++++
 4 files changed, 36 insertions(+)
 create mode 100644 recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg
 create mode 100644 recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg
 create mode 100644 recipes-kernel/linux/linux-yocto-4.10/smack.cfg
 create mode 100644 recipes-kernel/linux/linux-yocto_4.10.bbappend

diff --git a/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg b/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg
new file mode 100644
index 0000000..1dc4168
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg
@@ -0,0 +1,13 @@
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
+# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_SECURITY_PATH=y
+# CONFIG_SECURITY_SELINUX is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
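Review bot: The last line explicitly leaves CONFIG_DEFAULT_SECURITY_APPARMOR unset, and unlike Smack this patch adds no default-LSM fragment for AppArmor, so an image built with 'apparmor' in DISTRO_FEATURES gets AppArmor compiled in but not selected as the default LSM. Either add a matching default-LSM fragment or document in the commit log or README that "security=apparmor" must be on the kernel command line. The fragment also does not set CONFIG_SECURITY=y, which smack.cfg does, so it relies on the base configuration for that.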
diff --git a/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg b/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg
new file mode 100644
index 0000000..b5c4845
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg
@@ -0,0 +1,2 @@
+CONFIG_DEFAULT_SECURITY="smack"
+CONFIG_DEFAULT_SECURITY_SMACK=y
diff --git a/recipes-kernel/linux/linux-yocto-4.10/smack.cfg b/recipes-kernel/linux/linux-yocto-4.10/smack.cfg
new file mode 100644
index 0000000..62f465a
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.10/smack.cfg
@@ -0,0 +1,8 @@
+CONFIG_IP_NF_SECURITY=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT3_FS_SECURITY=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_SMACK=y
+CONFIG_TMPFS_XATTR=y
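Review bot: This fragment enables no audit options, whereas apparmor.cfg in the same patch sets CONFIG_AUDIT=y and CONFIG_AUDITSYSCALL=y. If the base configuration does not provide CONFIG_AUDIT, a Smack-only build has no audit trail for access denials, so consider adding CONFIG_AUDIT=y here as well. A short comment on why CONFIG_IP_NF_SECURITY and CONFIG_IP6_NF_SECURITY are built as modules rather than built in would also help.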
diff --git a/recipes-kernel/linux/linux-yocto_4.10.bbappend b/recipes-kernel/linux/linux-yocto_4.10.bbappend
new file mode 100644
index 0000000..35a32b6
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_4.10.bbappend
@@ -0,0 +1,13 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.10:"
+
+# TPM kernel support
+KERNEL_FEATURES_append += "${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
+
+SRC_URI += "\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
+"
+
+SRC_URI += "\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \
+"
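Review bot: The line 'KERNEL_FEATURES_append += "..."' mixes the _append override with the += operator. The value already carries its own leading space, so write it as 'KERNEL_FEATURES_append = "..."'. Also note that 'smack' in DISTRO_FEATURES always pulls in smack-default-lsm.cfg, so there is no way to build Smack without making it the default LSM. If that is intended, say so in the commit log, which currently has no body.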
-- 
2.7.4




* [meta-security][PATCH 3/3] apparmor: update to 2.11.0 plus ptest
  2017-04-03  2:20 [meta-security][PATCH 1/3] libseccomp: update to 2.3.2 Armin Kuster
  2017-04-03  2:20 ` [meta-security][PATCH 2/3] linux-yocto: add 4.10 kernel support Armin Kuster
@ 2017-04-03  2:20 ` Armin Kuster
  1 sibling, 0 replies; 3+ messages in thread
From: Armin Kuster @ 2017-04-03  2:20 UTC (permalink / raw)
  To: akuster, yocto

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-security/AppArmor/apparmor_2.10.95.bb | 116 -----------------------
 recipes-security/AppArmor/apparmor_2.11.0.bb  | 127 ++++++++++++++++++++++++++
 recipes-security/AppArmor/files/run-ptest     |   4 +
 3 files changed, 131 insertions(+), 116 deletions(-)
 delete mode 100644 recipes-security/AppArmor/apparmor_2.10.95.bb
 create mode 100644 recipes-security/AppArmor/apparmor_2.11.0.bb
 create mode 100644 recipes-security/AppArmor/files/run-ptest

diff --git a/recipes-security/AppArmor/apparmor_2.10.95.bb b/recipes-security/AppArmor/apparmor_2.10.95.bb
deleted file mode 100644
index de09e29..0000000
--- a/recipes-security/AppArmor/apparmor_2.10.95.bb
+++ /dev/null
@@ -1,116 +0,0 @@
-SUMMARY = "AppArmor another MAC control system"
-DESCRIPTION = "user-space parser utility for AppArmor \
- This provides the system initialization scripts needed to use the \
- AppArmor Mandatory Access Control system, including the AppArmor Parser \
- which is required to convert AppArmor text profiles into machine-readable \
- policies that are loaded into the kernel for use with the AppArmor Linux \
- Security Module."
-HOMEAPAGE = "http://apparmor.net/"
-SECTION = "admin"
-
-LICENSE = "GPLv2 & GPLv2+ & BSD-3-Clause & LGPLv2.1+"
-LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0"
-
-DEPENDS = "bison-native apr apache2"
-
-SRC_URI = " \
-	http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \
-	file://disable_pdf.patch \
-	file://apparmor.rc \
-	file://functions \
-	file://apparmor \
-	file://apparmor.service \
-	"
-
-SRC_URI[md5sum] = "71a13b9d6ae0bca4f5375984df1a51e7"
-SRC_URI[sha256sum] = "3f659a599718f4a5e2a33140916715f574a5cb3634a6b9ed6d29f7b0617e4d1a"
-
-PARALLEL_MAKE = ""
-
-inherit pkgconfig autotools-brokensep update-rc.d python-dir ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)}
-
-S = "${WORKDIR}/apparmor-${PV}"
-
-PACKAGECONFIG ?="man"
-PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages"
-
-PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}"
-
-do_configure() {
-	cd ${S}/libraries/libapparmor
-	autoconf --force
-	libtoolize --automake -c
-	automake -ac
-	./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
-	sed -i -e 's#^YACC.*#YACC := bison#' ${S}/parser/Makefile
-	sed -i -e 's#^LEX.*#LEX := flex#' ${S}/parser/Makefile
-}
-
-do_compile () {
-	cd ${S}/libraries/libapparmor
-	oe_runmake
-        cd ${S}/binutils
-        oe_runmake
-        cd ${S}/utils
-        oe_runmake
-	cd ${S}/parser
-        oe_runmake
-	cd ${S}/profiles
-        oe_runmake
-
- 	cd ${S}/changehat/mod_apparmor
-        oe_runmake
-
-	if test -z "${PAMLIB}" ; then
-		cd ${S}/changehat/pam_apparmor
-        	oe_runmake
-	fi
-}
-
-do_install () {
-	install -d ${D}/${INIT_D_DIR}
-	install -d ${D}/lib/apparmor
-		
-	cd ${S}/libraries/libapparmor
-	oe_runmake DESTDIR="${D}" install
-
-        cd ${S}/binutils
-	oe_runmake DESTDIR="${D}" install
-
-        cd ${S}/utils
-	oe_runmake DESTDIR="${D}" install
-
-	cd ${S}/parser
-	oe_runmake DESTDIR="${D}" install
-
-	cd ${S}/profiles
-	oe_runmake DESTDIR="${D}" install
-
- 	cd ${S}/changehat/mod_apparmor
-	oe_runmake DESTDIR="${D}" install
-
-	if test -z "${PAMLIB}" ; then
-		cd ${S}/changehat/pam_apparmor
-		oe_runmake DESTDIR="${D}" install
-	fi
-
-	install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
-
-	install ${WORKDIR}/functions ${D}/lib/apparmor
-}
-
-INITSCRIPT_PACKAGES = "${PN}"
-INITSCRIPT_NAME = "apparmor"
-INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ."
-
-SYSTEMD_PACKAGES = "${PN}"
-SYSTEMD_SERVICE_${PN} = "apparmor.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-
-PACKAGES += "python-${PN} mod-${PN}"
-
-FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor"
-FILES_mod-${PN} = "${libdir}/apache2/modules/*"
-FILES_python-${PN} = "${PYTHON_SITEPACKAGES_DIR}"
-
-RDEPENDS_${PN} += "bash perl"
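Review bot: The removed SRC_URI carried file://disable_pdf.patch and the 2.11.0 recipe does not, yet the diffstat deletes only the .bb file, so that patch is left in the layer with no recipe in this patch referencing it. Delete it in the same commit if nothing else uses it, and state in the commit log why it is no longer needed.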
diff --git a/recipes-security/AppArmor/apparmor_2.11.0.bb b/recipes-security/AppArmor/apparmor_2.11.0.bb
new file mode 100644
index 0000000..0e6b920
--- /dev/null
+++ b/recipes-security/AppArmor/apparmor_2.11.0.bb
@@ -0,0 +1,127 @@
+SUMMARY = "AppArmor another MAC control system"
+DESCRIPTION = "user-space parser utility for AppArmor \
+ This provides the system initialization scripts needed to use the \
+ AppArmor Mandatory Access Control system, including the AppArmor Parser \
+ which is required to convert AppArmor text profiles into machine-readable \
+ policies that are loaded into the kernel for use with the AppArmor Linux \
+ Security Module."
+HOMEAPAGE = "http://apparmor.net/"
+SECTION = "admin"
+
+LICENSE = "GPLv2 & GPLv2+ & BSD-3-Clause & LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0"
+
+DEPENDS = "bison-native apr apache2 gettext-native coreutils-native"
+
+SRC_URI = " \
+	http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \
+	file://apparmor.rc \
+	file://functions \
+	file://apparmor \
+	file://apparmor.service \
+        file://ptest_install.patch \
+        file://run-ptest \
+	"
+
+SRC_URI[md5sum] = "899fd834dc5c8ebf2d52b97e4a174af7"
+SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5bdd739a"
+
+PARALLEL_MAKE = ""
+
+inherit pkgconfig autotools-brokensep update-rc.d python3-dir perlnative ptest
+inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)}
+
+S = "${WORKDIR}/apparmor-${PV}"
+
+PACKAGECONFIG ?="man"
+PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages"
+PACKAGECONFIG[python3] = "--with-python, --without-python, python3 swig-native"
+PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native"
+
+PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}"
+
+do_configure() {
+	cd ${S}/libraries/libapparmor
+	autoconf --force
+	libtoolize --automake -c
+	automake -ac
+	./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+	sed -i -e 's#^YACC.*#YACC := bison#' ${S}/parser/Makefile
+	sed -i -e 's#^LEX.*#LEX := flex#' ${S}/parser/Makefile
+}
+
+do_compile () {
+	oe_runmake -C ${B}/libraries/libapparmor
+        oe_runmake -C ${B}/binutils
+        oe_runmake -C ${B}/utils
+        oe_runmake -C ${B}/parser
+        oe_runmake -C ${B}/profiles
+        oe_runmake -C ${B}/changehat/mod_apparmor
+
+	if test -z "${PAMLIB}" ; then
+        	oe_runmake -C ${B}/changehat/pam_apparmor
+	fi
+}
+
+do_install () {
+	install -d ${D}/${INIT_D_DIR}
+	install -d ${D}/lib/apparmor
+		
+	oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
+	oe_runmake -C ${B}/binutils DESTDIR="${D}" install
+	oe_runmake -C ${B}/utils DESTDIR="${D}" install
+	oe_runmake -C ${B}/parser DESTDIR="${D}" install
+	oe_runmake -C ${B}/profiles DESTDIR="${D}" install
+	oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
+
+	if test -z "${PAMLIB}" ; then
+		oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
+	fi
+
+	install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
+	install ${WORKDIR}/functions ${D}/lib/apparmor
+}
+
+do_compile_ptest () {
+        oe_runmake -C ${B}/tests/regression/apparmor
+        oe_runmake -C ${B}/parser/tst
+        oe_runmake -C ${B}/libraries/libapparmor
+}
+
+do_install_ptest () {
+	t=${D}/${PTEST_PATH}/testsuite
+	install -d ${t}
+	install -d ${t}/tests/regression/apparmor
+	cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression
+
+	install -d ${t}/parser/tst
+	cp -rf ${B}/parser/tst ${t}/parser
+	cp ${B}/parser/apparmor_parser ${t}/parser
+	cp ${B}/parser/frob_slack_rc ${t}/parser
+
+	install -d ${t}/libraries/libapparmor
+	cp -rf ${B}/libraries/libapparmor ${t}/libraries
+
+	install -d ${t}/common
+	cp -rf ${B}/common ${t}
+
+	install -d ${t}/binutils
+	cp -rf ${B}/binutils ${t}
+}
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "apparmor"
+INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ."
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE_${PN} = "apparmor.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+PACKAGES += "python-${PN} mod-${PN}"
+
+FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor"
+FILES_mod-${PN} = "${libdir}/apache2/modules/*"
+FILES_python-${PN} = "${PYTHON_SITEPACKAGES_DIR}"
+
+RDEPENDS_${PN} += "bash lsb"
+RDEPENDS_${PN}-ptest += "coreutils dbus-lib"
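Review bot: SRC_URI lists file://ptest_install.patch, but the diffstat creates only apparmor_2.11.0.bb and files/run-ptest, so unless that file is already in the tree the fetch will fail; include it in this commit. Separately, in do_compile and do_install, PAMLIB is set to '1' or '0', so 'test -z "${PAMLIB}"' is never true and pam_apparmor is never built or installed, even with 'pam' in DISTRO_FEATURES; test for '"${PAMLIB}" = "1"' instead. Smaller points: HOMEAPAGE is a typo for HOMEPAGE, the recipe now inherits python3-dir while PACKAGES still names python-${PN}, and the tarball comes over plain http://, so the SRC_URI[sha256sum] line is the only integrity check.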
diff --git a/recipes-security/AppArmor/files/run-ptest b/recipes-security/AppArmor/files/run-ptest
new file mode 100644
index 0000000..3b8e427
--- /dev/null
+++ b/recipes-security/AppArmor/files/run-ptest
@@ -0,0 +1,4 @@
+#! /bin/sh
+cd testsuite
+
+make -C  tests/regression/apparmor tests
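Review bot: The 'cd testsuite' on the second line is unchecked, so if the directory is missing the following make runs from the wrong location; use 'cd testsuite || exit 1'. The script also invokes make at run time, while RDEPENDS_${PN}-ptest in the recipe lists only coreutils and dbus-lib, so make should be added there.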
-- 
2.7.4


