From: Tom Rini <trini@konsulko.com>
To: Anders Montonen <Anders.Montonen@iki.fi>
Cc: yocto@yoctoproject.org
Subject: Re: AppArmor
Date: Thu, 22 Jun 2017 08:08:32 -0400 [thread overview]
Message-ID: <20170622120832.GS27196@bill-the-cat> (raw)
In-Reply-To: <AD70DBFD-84A9-44DF-8DCB-1C25BBF0F351@iki.fi>
[-- Attachment #1: Type: text/plain, Size: 1453 bytes --]
On Thu, Jun 22, 2017 at 05:01:09AM +0300, Anders Montonen wrote:
> On 21 Jun 2017, at 23:46, Khem Raj <raj.khem@gmail.com> wrote:
> > On Tue, Jun 20, 2017 at 9:56 AM Anders Montonen <Anders.Montonen@iki.fi <mailto:Anders.Montonen@iki.fi>> wrote:
> > Has anyone tried using AppArmor with Yocto? The recipe in the
> > meta-security layer is broken, and when fixed so it actually builds, it
> > turns out the installed init script relies on functions not found in
> > Yocto's version of LSB.
> > That seems a bug to me perhaps can be fixed in initscripts ?
>
> I ended up replacing the recipe with one combining the one from meta-security and from the OpenSwitch project[1]. This allowed me to get rid of the sysvinit and apache2 dependencies. I’ll have to look for Tom Rini’s tweaks and see if he fixed the Python issues more elegantly.
>
> IIRC the issues I ran into with the meta-security recipe were:
> - The tools under binutils require the static library
> - The systemd service file isn’t installed
> - The Python apparmor module is built against Python 2.7, while the scripts that use it are Python 3. Commit
> 89683b4fee4616a08d249bc7afd7be55f3fa71a3 is wrong, it papers over a QA warning without fixing the actual problem.
> - The Python LibAppArmor module isn’t built at all.
I did fix the latter of these (along with the perl problem), but I'm
using sysvinit and needed apache2 in my project anyhow.
--
Tom
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2017-06-22 12:08 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-20 13:19 AppArmor Anders Montonen
2017-06-21 14:39 ` AppArmor Dominig ar Foll (Intel Open Source)
2017-06-21 14:46 ` AppArmor Tom Rini
2017-06-21 20:46 ` AppArmor Khem Raj
2017-06-22 2:01 ` AppArmor Anders Montonen
2017-06-22 12:08 ` Tom Rini [this message]
2017-06-29 10:56 ` AppArmor Anders Montonen
2017-06-30 1:35 ` AppArmor Tom Rini
2017-07-04 16:03 ` AppArmor Tom Rini
[not found] <mailman.66388.1498056021.15860.yocto@yoctoproject.org>
2017-06-21 20:41 ` AppArmor Gunnar Andersson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170622120832.GS27196@bill-the-cat \
--to=trini@konsulko.com \
--cc=Anders.Montonen@iki.fi \
--cc=yocto@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.