From: Patrick Ohly <patrick.ohly@intel.com>
To: Armin Kuster <akuster808@gmail.com>
Cc: yocto@yoctoproject.org
Subject: Re: [meta-security][PATCH 2/2] smack kernel: add smack kernel config fragments
Date: Thu, 27 Oct 2016 09:22:27 +0200
Message-ID: <1477552947.2887.63.camel@intel.com>
In-Reply-To: <1477494038-2895-2-git-send-email-akuster808@gmail.com>

On Wed, 2016-10-26 at 08:00 -0700, Armin Kuster wrote:
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg | 2 ++
>  recipes-kernel/linux/linux-yocto-4.8/smack.cfg             | 8 ++++++++
>  recipes-kernel/linux/linux-yocto_4.8.bbappend              | 5 +++++
>  3 files changed, 15 insertions(+)
>  create mode 100644 recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg
>  create mode 100644 recipes-kernel/linux/linux-yocto-4.8/smack.cfg
> 
> diff --git a/recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg b/recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg
> new file mode 100644
> index 0000000..b5c4845
> --- /dev/null
> +++ b/recipes-kernel/linux/linux-yocto-4.8/smack-default-lsm.cfg
> @@ -0,0 +1,2 @@
> +CONFIG_DEFAULT_SECURITY="smack"
> +CONFIG_DEFAULT_SECURITY_SMACK=y
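
Review bot: CONFIG_DEFAULT_SECURITY_SMACK=y in smack-default-lsm.cfg only
takes effect when CONFIG_SECURITY_SMACK=y is already set, and that option
lives in the separate smack.cfg. If this fragment is applied on its own,
kconfig drops the choice without an error and the kernel falls back to
another default LSM. Either add a comment stating that smack.cfg is a
prerequisite, or repeat CONFIG_SECURITY=y and CONFIG_SECURITY_SMACK=y here,
and check that both lines survive in the final .config.
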
> diff --git a/recipes-kernel/linux/linux-yocto-4.8/smack.cfg b/recipes-kernel/linux/linux-yocto-4.8/smack.cfg
> new file mode 100644
> index 0000000..62f465a
> --- /dev/null
> +++ b/recipes-kernel/linux/linux-yocto-4.8/smack.cfg
> @@ -0,0 +1,8 @@
> +CONFIG_IP_NF_SECURITY=m
> +CONFIG_IP6_NF_SECURITY=m
> +CONFIG_EXT2_FS_SECURITY=y
> +CONFIG_EXT3_FS_SECURITY=y
> +CONFIG_EXT4_FS_SECURITY=y
> +CONFIG_SECURITY=y
> +CONFIG_SECURITY_SMACK=y
> +CONFIG_TMPFS_XATTR=y
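
Review bot: the CONFIG_EXT2_FS_SECURITY, CONFIG_EXT3_FS_SECURITY and
CONFIG_EXT4_FS_SECURITY lines in smack.cfg depend on options this fragment
never sets: the filesystems themselves and, for ext2, CONFIG_EXT2_FS_XATTR.
On a base config that lacks them the lines are dropped silently, and Smack
labels, which are stored in extended attributes, cannot be kept on that
filesystem. Add the prerequisites or document that the base config must
provide them. The fragment also carries no comment saying why
CONFIG_IP_NF_SECURITY and CONFIG_IP6_NF_SECURITY are built as modules (=m)
while everything else is built in; a one-line comment would settle that.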

Were these two files perhaps copied from
https://github.com/01org/meta-intel-iot-security/tree/master/meta-security-smack/recipes-kernel/linux/linux ?

Just wondering, they look, hmm, very familiar ;-)

Can you say a bit more about your plans regarding Smack support in
meta-security? A recipe for the userspace tool and the kernel config is
a start, but for a fully functional Smack-enabled image, the rootfs also
needs to be set up a bit differently.

I can imagine that it would be worthwhile to take more of the things
done in meta-intel-iot-security and then deprecate that layer.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.




