[meta-security][PATCH 1/2] tripwire: update to 2.4.3.5

[meta-security][PATCH 1/2] tripwire: update to 2.4.3.5

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../tripwire/{tripwire_2.4.3.1.bb => tripwire_2.4.3.5.bb}             | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename recipes-security/tripwire/{tripwire_2.4.3.1.bb => tripwire_2.4.3.5.bb} (96%)

diff --git a/recipes-security/tripwire/tripwire_2.4.3.1.bb b/recipes-security/tripwire/tripwire_2.4.3.5.bb
similarity index 96%
rename from recipes-security/tripwire/tripwire_2.4.3.1.bb
rename to recipes-security/tripwire/tripwire_2.4.3.5.bb
index 3ea0806..0d775c2 100644
--- a/recipes-security/tripwire/tripwire_2.4.3.1.bb
+++ b/recipes-security/tripwire/tripwire_2.4.3.5.bb
@@ -6,7 +6,7 @@ SECTION = "security Monitor/Admin"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127"
 
-SRCREV = "210a394b1ce63da7ac51a866ac2e68d439308701"
+SRCREV = "7af2781a19af31a41a259f3cce158003a3a0a72f"
 
 SRC_URI = "\
 	git://github.com/Tripwire/tripwire-open-source.git \
@@ -17,7 +17,7 @@ SRC_URI = "\
 	file://twinstall.sh \
 	file://twpol-yocto.txt \
        "
-#PV = "2.4.3.1+git${SRCPV}"
+#PV = "2.4.3.5+git${SRCPV}"
 
 S = "${WORKDIR}/git"
 
-- 
2.7.4

[meta-security][PATCH 2/2] linux-yocto: add 4.12 bbappends

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-kernel/linux/linux-yocto-4.12/apparmor.cfg          | 13 +++++++++++++
 recipes-kernel/linux/linux-yocto-4.12/smack-default-lsm.cfg |  2 ++
 recipes-kernel/linux/linux-yocto-4.12/smack.cfg             |  8 ++++++++
 recipes-kernel/linux/linux-yocto_4.12.bbappend              | 10 ++++++++++
 4 files changed, 33 insertions(+)
 create mode 100644 recipes-kernel/linux/linux-yocto-4.12/apparmor.cfg
 create mode 100644 recipes-kernel/linux/linux-yocto-4.12/smack-default-lsm.cfg
 create mode 100644 recipes-kernel/linux/linux-yocto-4.12/smack.cfg
 create mode 100644 recipes-kernel/linux/linux-yocto_4.12.bbappend

diff --git a/recipes-kernel/linux/linux-yocto-4.12/apparmor.cfg b/recipes-kernel/linux/linux-yocto-4.12/apparmor.cfg
new file mode 100644
index 0000000..1dc4168
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.12/apparmor.cfg
@@ -0,0 +1,13 @@
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
+# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_SECURITY_PATH=y
+# CONFIG_SECURITY_SELINUX is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
diff --git a/recipes-kernel/linux/linux-yocto-4.12/smack-default-lsm.cfg b/recipes-kernel/linux/linux-yocto-4.12/smack-default-lsm.cfg
new file mode 100644
index 0000000..b5c4845
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.12/smack-default-lsm.cfg
@@ -0,0 +1,2 @@
+CONFIG_DEFAULT_SECURITY="smack"
+CONFIG_DEFAULT_SECURITY_SMACK=y
diff --git a/recipes-kernel/linux/linux-yocto-4.12/smack.cfg b/recipes-kernel/linux/linux-yocto-4.12/smack.cfg
new file mode 100644
index 0000000..62f465a
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.12/smack.cfg
@@ -0,0 +1,8 @@
+CONFIG_IP_NF_SECURITY=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT3_FS_SECURITY=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_SMACK=y
+CONFIG_TMPFS_XATTR=y
diff --git a/recipes-kernel/linux/linux-yocto_4.12.bbappend b/recipes-kernel/linux/linux-yocto_4.12.bbappend
new file mode 100644
index 0000000..0e610d4
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_4.12.bbappend
@@ -0,0 +1,10 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.10:"
+
+SRC_URI += "\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
+"
+
+SRC_URI += "\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \
+"
-- 
2.7.4