mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-06 16:48:42 +00:00
Code Issues Projects Releases Wiki Activity
946 Commits 39 Branches 0 Tags
hardknott
Commit Graph

15 Commits

Author SHA1 Message Date
Ming Liu
995f25bcb9 meta: drop IMA_POLICY from policy recipes 
IMA_POLICY is being referred as policy recipe name in some places and it
is also being referred as policy file in other places, they are
conflicting with each other which make it impossible to set a IMA_POLICY
global variable in config file.

Fix it by dropping IMA_POLICY definitions from policy recipes

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-02 08:21:34 -07:00
Ming Liu
6ada80aa3e ima-evm-keys: add file-checksums to IMA_EVM_X509 
This ensures when a end user change the IMA_EVM_X509 key file,
ima-evm-keys recipe will be rebuilt.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-18 08:01:19 -07:00
Ming Liu
9504d02694 ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic 
This fixes following systemd boot issues:
[    7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied
[    7.457677] systemd[1]: Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object.
[    7.459270] systemd[1]: Freezing execution.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-02 11:56:27 -08:00
Ming Liu
f70207e1c1 ima-evm-keys: add recipe 
Create a recipe to package IMA/EMV public keys.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Ming Liu
ca1c2086ad ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty 
'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid
sanity check for ima-evm-utils-native.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster
5d629ccb54 meta-integrity: fix issues with yocto-check-layer 
[v2]
re-did solutions

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2020-01-04 10:55:26 -08:00
Dmitry Eremin-Solenikov
c2ddc05c20 ima-evm-utils: bump to release 1.2.1 
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-04 13:13:38 -07:00
lumag
fc20f45964 ima-evm-utils: refresh xattr patch 
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-04 12:17:25 -07:00
lumag
2fa48c800d ima-evm-utils: bump version 
Currently selected SRCREV (782224f33cd711050cbf6146a12122cd73f9136b)
comes after 1.1 ima-evm-utils release, so bump PV accordingly.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-08-04 12:17:25 -07:00
Armin Kuster
f63db8ce1d ima-evm-utils: update to tip 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-06-26 15:47:47 -07:00
Armin Kuster
cf0123e130 policy: add ima appraise all policy 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
1293478068 ima_policy_simple: add another sample policy 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
c84f39f8e0 ima-policy-hashed: add new recipe 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
756a1649b7 ima-evm-utils: cleanup and update to tip 
update to tip
backported patches to fix build issues.
fix native support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:52 -07:00
Armin Kuster
6680225c05 meta-integrity: port over from meta-intel-iot-security 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-28 07:38:41 -07:00