linux: enable AppArmor-related options if needed

Using AppArmor requires support in the kernel, so do for AppArmor what
we did for SElinux, and enabled the necessary options.

Note that a single LSM can be the default one, so as of today, SELinux
wins, by virtue of being the last to be enabled.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
  - don't force DEFAULT_SECURITY_APPARMOR, it does not exist in all
    kernel versions
  - move closer to SELinux
  - split into its own patch, write a commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>

diff --git a/linux/linux.mk b/linux/linux.mk
index 3d9052a337b8816e79270254c7780387ddf0c8ef..68c1121c4bfccfd4215ad86b27c788557129e5aa 100644 (file)
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -408,6 +408,11 @@ define LINUX_KCONFIG_FIXUP_CMDS
                $(call KCONFIG_ENABLE_OPT,CONFIG_FB,$(@D)/.config)
                $(call KCONFIG_ENABLE_OPT,CONFIG_LOGO,$(@D)/.config)
                $(call KCONFIG_ENABLE_OPT,CONFIG_LOGO_LINUX_CLUT224,$(@D)/.config))
+       $(if $(BR2_PACKAGE_LIBAPPARMOR),
+               $(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config)
+               $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY,$(@D)/.config)
+               $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_APPARMOR,$(@D)/.config)
+               $(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_SECURITY_APPARMOR,$(@D)/.config))
        $(if $(BR2_PACKAGE_LIBSELINUX),
                $(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config)
                $(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_SECURITY_SELINUX,$(@D)/.config)