From 67e576fab524c6341d86aa34a8c93306533b6e1a Mon Sep 17 00:00:00 2001 From: Angelo Compagnucci Date: Fri, 27 Mar 2020 20:55:04 +0100 Subject: [PATCH] linux: enable AppArmor-related options if needed Using AppArmor requires support in the kernel, so do for AppArmor what we did for SElinux, and enabled the necessary options. Note that a single LSM can be the default one, so as of today, SELinux wins, by virtue of being the last to be enabled. Signed-off-by: Angelo Compagnucci [yann.morin.1998@free.fr: - don't force DEFAULT_SECURITY_APPARMOR, it does not exist in all kernel versions - move closer to SELinux - split into its own patch, write a commit log ] Signed-off-by: Yann E. MORIN Tested-by: Angelo Compagnucci --- linux/linux.mk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/linux/linux.mk b/linux/linux.mk index 3d9052a337..68c1121c4b 100644 --- a/linux/linux.mk +++ b/linux/linux.mk @@ -408,6 +408,11 @@ define LINUX_KCONFIG_FIXUP_CMDS $(call KCONFIG_ENABLE_OPT,CONFIG_FB,$(@D)/.config) $(call KCONFIG_ENABLE_OPT,CONFIG_LOGO,$(@D)/.config) $(call KCONFIG_ENABLE_OPT,CONFIG_LOGO_LINUX_CLUT224,$(@D)/.config)) + $(if $(BR2_PACKAGE_LIBAPPARMOR), + $(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config) + $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY,$(@D)/.config) + $(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_APPARMOR,$(@D)/.config) + $(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_SECURITY_APPARMOR,$(@D)/.config)) $(if $(BR2_PACKAGE_LIBSELINUX), $(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT,$(@D)/.config) $(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_SECURITY_SELINUX,$(@D)/.config) -- 2.30.2