diff --git a/meta-digi-dey/dynamic-layers/selinux/recipes-kernel/linux/linux-dey/selinux.cfg b/meta-digi-dey/dynamic-layers/selinux/recipes-kernel/linux/linux-dey/selinux.cfg new file mode 100644 index 000000000..5799acbec --- /dev/null +++ b/meta-digi-dey/dynamic-layers/selinux/recipes-kernel/linux/linux-dey/selinux.cfg @@ -0,0 +1,32 @@ +.......................................................................... +. WARNING +. +. This file is a kernel configuration fragment, and not a full kernel +. configuration file. The final kernel configuration is made up of +. an assembly of processed fragments, each of which is designed to +. capture a specific part of the final configuration (e.g. platform +. configuration, feature configuration, and board specific hardware +. configuration). For more information on kernel configuration, please +. consult the product documentation. +. +.......................................................................... +CONFIG_AUDIT=y +CONFIG_NETWORK_SECMARK=y +CONFIG_EXT2_FS_SECURITY=y +CONFIG_EXT3_FS_SECURITY=y +CONFIG_EXT4_FS_SECURITY=y +CONFIG_JFS_SECURITY=y +CONFIG_REISERFS_FS_SECURITY=y +CONFIG_JFFS2_FS_SECURITY=y +CONFIG_SECURITY=y +CONFIG_SECURITYFS=y +CONFIG_SECURITY_NETWORK=y +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_DISABLE=y +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +CONFIG_AUDIT_GENERIC=y +CONFIG_DEFAULT_SECURITY_DAC=n +CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" diff --git a/meta-digi-dey/dynamic-layers/selinux/recipes-kernel/linux/linux-dey_5.4.bbappend b/meta-digi-dey/dynamic-layers/selinux/recipes-kernel/linux/linux-dey_5.4.bbappend new file mode 100644 index 000000000..04f72532e --- /dev/null +++ b/meta-digi-dey/dynamic-layers/selinux/recipes-kernel/linux/linux-dey_5.4.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" + +SRC_URI += " ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}"