diff options
| -rw-r--r-- | recipes-kernel/linux/linux-yocto/selinux.cfg | 26 | ||||
| -rw-r--r-- | recipes-kernel/linux/linux-yocto_3.0.bbappend | 4 |
2 files changed, 30 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-yocto/selinux.cfg b/recipes-kernel/linux/linux-yocto/selinux.cfg new file mode 100644 index 0000000..20dd189 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto/selinux.cfg @@ -0,0 +1,26 @@ +.......................................................................... +. WARNING +. +. This file is a kernel configuration fragment, and not a full kernel +. configuration file. The final kernel configuration is made up of +. an assembly of processed fragments, each of which is designed to +. capture a specific part of the final configuration (e.g. platform +. configuration, feature configuration, and board specific hardware +. configuration). For more information on kernel configuration, please +. consult the product documentation. +. +.......................................................................... +CONFIG_AUDIT=y +CONFIG_NETWORK_SECMARK=y +CONFIG_EXT2_FS_SECURITY=y +CONFIG_EXT3_FS_SECURITY=y +CONFIG_REISERFS_FS_SECURITY=y +CONFIG_SECURITY_NETWORK=y +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +CONFIG_SECURITY_SELINUX_DISABLE=y +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +CONFIG_AUDIT_GENERIC=y diff --git a/recipes-kernel/linux/linux-yocto_3.0.bbappend b/recipes-kernel/linux/linux-yocto_3.0.bbappend new file mode 100644 index 0000000..3514b3d --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_3.0.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +# Enable selinux support in the kernel if the feature is enabled +SRC_URI += "${@base_contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}" |