author | mulhern <mulhern@yoctoproject.org> | 2013-09-11 09:07:30 -0400 |
---|---|---|
committer | mulhern <mulhern@yoctoproject.org> | 2013-10-23 21:57:20 -0400 |
commit | cff02a044c6aef347cff8551b156dbc8a5d403d7 (patch) | |
tree | 0e501bdd0e30a2b2b48fa9ac1297e26c8042ae5d /classes | |
parent | 594e95f052d352c4b269a39e994785e4e60ef078 (diff) | |
meta-security: Add a new .bbclass for meta-security layer.

Inheriting the class will cause the check_security function to run on the
ROOTFS image. Currently the check_security function just invokes
buck-security-native on the root filesystem of the image.
Diffstat (limited to 'classes')
-rw-r--r-- | classes/check_security.bbclass | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/classes/check_security.bbclass b/classes/check_security.bbclass new file mode 100644 index 0000000..6d6682e --- /dev/null +++ b/classes/check_security.bbclass @@ -0,0 +1,7 @@ +check_security () { + ${STAGING_BINDIR_NATIVE}/buck-security -sysroot ${IMAGE_ROOTFS} -log ${T}/log.do_checksecurity.${PID} -disable-checks "checksum,firewall,packages_problematic,services,sshd,usermask" -no-sudo > /dev/null +} + +EXTRA_IMAGEDEPENDS += "buck-security-native" + +ROOTFS_POSTPROCESS_COMMAND += "check_security;" |
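Review bot: in check_security, the buck-security invocation sends stdout to `> /dev/null` and writes its findings only to `${T}/log.do_checksecurity.${PID}`, and the function never reads that log or acts on it, so nothing the scan finds reaches the build output. Consider surfacing the result after the call, for example by printing the log path or a summary of its contents with bbwarn, so that inheriting the class gives a visible outcome rather than a file in the task's temp directory. The `-disable-checks "checksum,firewall,packages_problematic,services,sshd,usermask"` list also carries no comment saying why those six checks are switched off; a short comment above the command would let a later reader tell which checks cannot work against an offline `${IMAGE_ROOTFS}` and which are simply deferred. Finally, `${PID}` is not assigned anywhere in this file, so it is worth confirming that it is defined where the function runs; if it is not, every run writes to the same log name.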