diff options
Diffstat (limited to 'meta-app-framework/recipes-core/smack-system-setup')
5 files changed, 0 insertions, 85 deletions
diff --git a/meta-app-framework/recipes-core/smack-system-setup/files/55-udev-smack-default.rules b/meta-app-framework/recipes-core/smack-system-setup/files/55-udev-smack-default.rules deleted file mode 100644 index eca65292f..000000000 --- a/meta-app-framework/recipes-core/smack-system-setup/files/55-udev-smack-default.rules +++ /dev/null @@ -1,27 +0,0 @@ -# do not edit this file, it will be overwritten on update - -KERNEL=="null", SECLABEL{smack}="*" -KERNEL=="zero", SECLABEL{smack}="*" -KERNEL=="console", SECLABEL{smack}="*" -KERNEL=="kmsg", SECLABEL{smack}="*" -KERNEL=="video*", SECLABEL{smack}="*" -KERNEL=="card*", SECLABEL{smack}="*" -KERNEL=="ptmx", SECLABEL{smack}="*" -KERNEL=="tty", SECLABEL{smack}="*" -KERNEL=="rfkill", SECLABEL{smack}="*" - -SUBSYSTEM=="most_cdev_aim", SECLABEL{smack}="*" - -SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="sound", GROUP="audio", SECLABEL{smack}="*" - -SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*" -SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*" -SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620", SECLABEL{smack}="*" -SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty", SECLABEL{smack}="*" -KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout", SECLABEL{smack}="*" - -SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*", MODE="0640", SECLABEL{smack}="*" -SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640", SECLABEL{smack}="*" diff --git a/meta-app-framework/recipes-core/smack-system-setup/files/systemd-journald.service.conf b/meta-app-framework/recipes-core/smack-system-setup/files/systemd-journald.service.conf deleted file mode 100644 index 7035a1410..000000000 --- a/meta-app-framework/recipes-core/smack-system-setup/files/systemd-journald.service.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Run systemd-journald with the hat ("^") Smack label. -# -# The journal daemon needs global read access to gather information -# about the services spawned by systemd. The hat label is intended -# for this purpose. The journal daemon is the only part of the -# System domain that needs read access to the User domain. Giving -# the journal daemon the hat label means that we can remove the -# System domain's read access to the User domain and we can avoid -# hard-coding a specific label name for that domain. -# -# Original author: Casey Schaufler <casey@schaufler-ca.com> -# -# This is considered a configuration change and thus distro specific. -[Service] -SmackProcessLabel=^ - diff --git a/meta-app-framework/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf b/meta-app-framework/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf deleted file mode 100644 index db43c8c51..000000000 --- a/meta-app-framework/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -ExecStartPost=/bin/sh -c '([ ! -d /var/tmp ] || chsmack -L -a \"*\" /var/tmp) && ([ ! -d /var/log ] || chsmack -L -a System::Log /var/log && chsmack -L -t /var/log)' diff --git a/meta-app-framework/recipes-core/smack-system-setup/files/tmp.mount.conf b/meta-app-framework/recipes-core/smack-system-setup/files/tmp.mount.conf deleted file mode 100644 index 388986e82..000000000 --- a/meta-app-framework/recipes-core/smack-system-setup/files/tmp.mount.conf +++ /dev/null @@ -1,12 +0,0 @@ -# Mount /tmp publicly accessable. Based on patch by Michael Demeter <michael.demeter@intel.com>. -# Upstream systemd temporarily had SmackFileSystemRoot for this (https://github.com/systemd/systemd/pull/1664), -# but it was removed again (https://github.com/systemd/systemd/issues/1696) because -# util-linux mount will ignore smackfsroot when Smack is not active. However, -# busybox is not that intelligent. -# -# When using busybox mount, adding smackfsroot=* and booting without -# Smack (i.e. security=none), tmp.mount will fail with an error about -# "Bad mount option smackfsroot". -[Mount] -Options=smackfsroot=* - diff --git a/meta-app-framework/recipes-core/smack-system-setup/smack-system-setup_1.bb b/meta-app-framework/recipes-core/smack-system-setup/smack-system-setup_1.bb deleted file mode 100644 index b74f462b4..000000000 --- a/meta-app-framework/recipes-core/smack-system-setup/smack-system-setup_1.bb +++ /dev/null @@ -1,28 +0,0 @@ -DESCRIPTION = "setup of a system using smack" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" - -SRC_URI = "\ - file://55-udev-smack-default.rules \ - file://systemd-journald.service.conf \ - file://systemd-tmpfiles-setup.service.conf \ - file://tmp.mount.conf \ -" - -RDEPENDS:${PN}:append:with-lsm-smack = " smack" - -do_install:append:with-lsm-smack() { - # tuning systemd units - install -Dm0644 ${WORKDIR}/systemd-tmpfiles-setup.service.conf \ - ${D}${systemd_unitdir}/system/systemd-tmpfiles-setup.service.d/smack.conf - install -Dm0644 ${WORKDIR}/systemd-journald.service.conf \ - ${D}${systemd_unitdir}/system/systemd-journald.service.d/smack.conf - install -Dm0644 ${WORKDIR}/tmp.mount.conf \ - ${D}${systemd_unitdir}/system/tmp.mount.d/smack.conf - - # add udev rules - install -Dm0644 ${WORKDIR}/55-udev-smack-default.rules \ - ${D}${sysconfdir}/udev/rules.d/55-udev-smack-default.rules -} - -FILES:${PN} += "${systemd_unitdir}" |