| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add agl-selinux feature to enable SELinux support.
Notes:
- SELinux is in permissive mode by default for now, and using the
targeted policy by default.
- The linux-yocto specific bbappend in meta-selinux is masked out in
favor of adding a more universal kernel configuration fragment with
AGL's own scheme.
- SELinux specific recipes and bbappends are added via a meta-selinux
dynamic-layers addition in meta-agl-core to keep using meta-selinux
optional. This will avoid issues with the Yocto autobuilder testing
of meta-agl-core.
- To avoid the effectively hard-coded autorelabel on first boot, a
bbappend is added to the selinux-autorelabel recipe to remove the
flag creation. In the off chance that a build happens on a filesystem
without xattr support, the logic in the selinux-image bbclass will
still touch the /.autorelabel flag and trigger relabeling.
- A systemd unit and script are added with a new systemd-selinux-relabel
recipe to handle relabeling of some systemd generated files that do
not get handled during root filesystem construction. Some of these
can be addressed by some upstream tweaks, but /etc/machine-id will
always need special handling unless there is a shift to using
read-only or stateless root by default. With this workaround we still
avoid doing a full relabel and reboot on first boot, which helps
simplify CI.
Bug-AGL: SPEC-4332
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ibf469e11eb3a67709074cc6794b3d12cd5071a90
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27790
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
The config option does provoke an Internal error at runtime.
Disable it for the BBE.
Bug-AGL: SPEC-4156
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: I9c6c8a1279a3c4f40c383e036251f51bb4e9fc8e
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27240
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
|
|
This is mostly the result of running a slightly customized version
of the convert-overrides.py script from poky with additional
overrides added. A few minor fixups were done by hand afterwards
during a review of the changes.
The intent of these changes is to minimize the effort to keep the
"next" branch that builds against poky master up to date and tested
in preparation for the switch to the next Yocto LTS release in
early 2022.
Bug-AGL: SPEC-4052
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ia3bf63b7cb1aa1d95ada373d1a3ab56def0a125d
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26564
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
Refactor the kernel configuration fragment handling to shift all AGL
applied configuration fragments into a new AGL_KCONFIG_FRAGMENTS
variable that is used to generate SRC_URI and KERNEL_CONFIG_FRAGMENTS
additions for the various BSPs. The intent is to make it simple to
disable AGL provided configuration in downstream builds as the IC EG
has expressed as a requirement. Additionally, the rework has allowed
for some clean up of accumulated cruft.
In practice, clearing AGL_KCONFIG_FRAGMENTS drops all non-BSP provided
kernel configuration with the exception of some qemu BSP related
additions required for AGL CI and some explicitly configurable things
like netboot support.
Notable changes:
- Instead of always using AGL's own fragment merging logic on top of
the BSP kernel recipe, an effort is now made to leverage the BSP
recipes' own merging schemes, so there are now separate include
files for kernel-yocto.bbclass and plain kernel.bbclass based kernel
recipes, as well as a common include file that defines the
AGL_KCONFIG_FRAGMENTS variable and its derivations. That file can
be included directly in bbappends for BSP kernel recipes that use
the KERNEL_CONFIG_FRAGMENTS scheme (e.g. meta-ti, meta-qcom).
- The SMACK enabling configuration in meta-app-framework has been
updated to supply different fragments for enabling SMACK by default
for 4.x and 5.x kernels. This removes a warning from always
supplying the old configuration, and allows providing a CONFIG_LSM
definition to ensure over-riding any BSP modifications.
This allows removing the previous hack to handle CONFIG_LSM being
set in the defconfigs in linux-raspberrypi.
- By request, the linux-yocto support from meta-agl-bsp/meta-core has
been rationalized into meta-agl-core to improve the experience when
using meta-agl-core standalone for testing.
- All demo supporting kernel configuration has been removed, a
subsequent change to meta-agl-demo will add it there by leveraging
AGL_KCONFIG_FRAGMENTS.
- The hardware device support has been split out of the can-bus.cfg
fragment, in favor of shifting it to meta-agl-demo. A few other
stray non-CAN configuration options have also been removed from
can-bus.cfg, as they do not seem to be required.
Bug-AGL: SPEC-3983
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: If6662fd36e26cec767b1d53b1188a74d01ef9dcf
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26460
Reviewed-by: Hiroyuki Ishii <ishii.hiroyuki002@jp.panasonic.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
|
Scott Murray
Jan-Simon Moeller