[Buildroot] [PATCH 2/9 v5] linux: enable AppArmor-related options if needed
Angelo Compagnucci
angelo at amarulasolutions.com
Fri Apr 17 21:25:21 UTC 2020
On Sun, Mar 29, 2020 at 4:01 PM Yann E. MORIN <yann.morin.1998 at free.fr> wrote:
>
> From: Angelo Compagnucci <angelo at amarulasolutions.com>
>
> Using AppArmor requires support in the kernel, so do for AppArmor what
> we did for SElinux, and enabled the necessary options.
>
> Note that a single LSM can be the default one, so as of today, SELinux
> wins, by virtue of being the last to be enabled.
>
> Signed-off-by: Angelo Compagnucci <angelo at amarulasolutions.com>
> [yann.morin.1998 at free.fr:
> - don't force DEFAULT_SECURITY_APPARMOR, it does not exist in all
> kernel versions
> - move closer to SELinux
> - split into its own patch, write a commit log
> ]
> Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
Tested-by: Angelo Compagnucci <angelo at amarulasolutions.com>
> ---
> linux/linux.mk | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/linux/linux.mk b/linux/linux.mk
> index b2ceeecafb..9403612d27 100644
> --- a/linux/linux.mk
> +++ b/linux/linux.mk
> @@ -408,6 +408,11 @@ define LINUX_KCONFIG_FIXUP_CMDS
> $(call KCONFIG_ENABLE_OPT,CONFIG_FB,$(@D)/.config)
> $(call KCONFIG_ENABLE_OPT,CONFIG_LOGO,$(@D)/.config)
> $(call KCONFIG_ENABLE_OPT,CONFIG_LOGO_LINUX_CLUT224,$(@D)/.config))
> + $(if $(BR2_PACKAGE_LIBAPPARMOR),
> + $(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config)
> + $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY,$(@D)/.config)
> + $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_APPARMOR,$(@D)/.config)
> + $(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_SECURITY_APPARMOR,$(@D)/.config))
> $(if $(BR2_PACKAGE_LIBSELINUX),
> $(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config)
> $(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_SECURITY_SELINUX,$(@D)/.config)
> --
> 2.20.1
>
More information about the buildroot
mailing list