authormulhern <mulhern@yoctoproject.org>2013-09-11 09:07:30 -0400
committermulhern <mulhern@yoctoproject.org>2013-10-23 21:57:20 -0400
commitcff02a044c6aef347cff8551b156dbc8a5d403d7 (patch)
tree0e501bdd0e30a2b2b48fa9ac1297e26c8042ae5d /classes
parent594e95f052d352c4b269a39e994785e4e60ef078 (diff)
meta-security: Add a new .bbclass for meta-security layer.
Inheriting the class will cause the check_security function to run on the ROOTFS image. Currently the check_security function just invokes buck-security-native on the root filesystem of the image.
Diffstat (limited to 'classes')
-rw-r--r--classes/check_security.bbclass7
1 files changed, 7 insertions, 0 deletions
diff --git a/classes/check_security.bbclass b/classes/check_security.bbclass
new file mode 100644
index 0000000..6d6682e
--- /dev/null
+++ b/classes/check_security.bbclass
@@ -0,0 +1,7 @@
+check_security () {
+ ${STAGING_BINDIR_NATIVE}/buck-security -sysroot ${IMAGE_ROOTFS} -log ${T}/log.do_checksecurity.${PID} -disable-checks "checksum,firewall,packages_problematic,services,sshd,usermask" -no-sudo > /dev/null
+}
+
+EXTRA_IMAGEDEPENDS += "buck-security-native"
+
+ROOTFS_POSTPROCESS_COMMAND += "check_security;"
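Review bot: The buck-security call in check_security sends stdout to /dev/null and writes its findings only to `${T}/log.do_checksecurity.${PID}`, so as far as this hunk shows, an image with findings builds exactly like a clean one unless the tool happens to exit non-zero. I would surface the result in the build output, for example `bbnote "buck-security report: ${T}/log.do_checksecurity.${PID}"` after the call, and state in a comment whether findings are meant to fail the image or only be recorded. The `-disable-checks` list also deserves a one-line comment such as `# checks skipped here presumably need a running system rather than an offline sysroot (confirm)`, since it turns off six checks without saying why.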