> On Oct 27, 2016, at 12:22 AM, Patrick Ohly <patrick.o...@intel.com> wrote: > > On Wed, 2016-10-26 at 08:00 -0700, Armin Kuster wrote: >> Signed-off-by: Armin Kuster <akuster...@gmail.com> >> --- >> recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg | 2 ++ >> recipes-kernel/linux/linux-yocto-4.8/smack.cfg | 8 ++++++++ >> recipes-kernel/linux/linux-yocto_4.8.bbappend | 5 +++++ >> 3 files changed, 15 insertions(+) >> create mode 100644 recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg >> create mode 100644 recipes-kernel/linux/linux-yocto-4.8/smack.cfg >> >> diff --git a/recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg >> b/recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg >> new file mode 100644 >> index 0000000..b5c4845 >> --- /dev/null >> +++ b/recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg >> @@ -0,0 +1,2 @@ >> +CONFIG_DEFAULT_SECURITY="smack" >> +CONFIG_DEFAULT_SECURITY_SMACK=y >> diff --git a/recipes-kernel/linux/linux-yocto-4.8/smack.cfg >> b/recipes-kernel/linux/linux-yocto-4.8/smack.cfg >> new file mode 100644 >> index 0000000..62f465a >> --- /dev/null >> +++ b/recipes-kernel/linux/linux-yocto-4.8/smack.cfg >> @@ -0,0 +1,8 @@ >> +CONFIG_IP_NF_SECURITY=m >> +CONFIG_IP6_NF_SECURITY=m >> +CONFIG_EXT2_FS_SECURITY=y >> +CONFIG_EXT3_FS_SECURITY=y >> +CONFIG_EXT4_FS_SECURITY=y >> +CONFIG_SECURITY=y >> +CONFIG_SECURITY_SMACK=y >> +CONFIG_TMPFS_XATTR=y > > Were these two files perhaps copied from > https://github.com/01org/meta-intel-iot-security/tree/master/meta-security-smack/recipes-kernel/linux/linux > ? > > Just wondering, they look, hmm, very familiar ;-) > > Can you say a bit more about your plans regarding Smack support in > meta-security? A recipe for the userspace tool and the kernel config is > a start, but for a fully functional Smack-enabled image, the rootfs also > needs to be set up a bit differently.
FWIW meta-security seems to be right place for smack related infra. > > I can imagine that it would be worthwhile to take more of the things > done in meta-intel-iot-security and then deprecate that layer. > > -- > Best Regards, Patrick Ohly > > The content of this message is my personal opinion only and although > I am an employee of Intel, the statements I make here in no way > represent Intel's position on the issue, nor am I authorized to speak > on behalf of Intel on this matter. > > > > -- > _______________________________________________ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto
signature.asc
Description: Message signed with OpenPGP using GPGMail
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto