Age | Commit message (Collapse) | Author | Files | Lines |
|
Using the OVERRIDE "smack" came with the use of
the layer meta-intel-iot-security.
When switching to meta-security, it conflicts with the
package name 'smack' that provide the smack user library.
Yocto was reporting the following error:
ERROR: .../meta-security/recipes-security/smack/smack_1.3.0.bb:
QA Issue: Recipe .../meta-security/recipes-security/smack/smack_1.3.0.bb
has PN of "smack" which is in OVERRIDES, this can result
in unexpected behaviour. [pn-overrides]
Change-Id: Id71b283bf1ce5682bd94bf96595eb32506acb1d5
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
Bug-AGL: SPEC-1181
Change-Id: I87b72202bb728a33bd16e0b275c268946ce61aff
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
|
|
This patch is already applied to linux-yocto_4.4.26
Change-Id: Icc58ac2f2d14589c5318286b487f0e13e5ff93f2
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
It is important for developement process and for monitoring
hacking to track violations and to monitor wrong uses or problems.
By activating audit with Smack we ensure that detection and reporting
of hazardous or malicious violations will be possible.
Change-Id: I7808ff17b5b8ba1fb09742fd273f46f06917d26b
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
The sockets created by kernel thread will now be
tagged @ instead of _.
This problem was occuring during creation of AF_BLUETOOTH (but is
also latent AF_ALG, AF_IUCV, AF_SCTP, AF_TIPC as they don't go
through the normal socket creation process within linux).
Having the tag @ allows read/write to sockets without special
rules and tus solve the problem.
This solution from upstream linux patches backported and from
a patch made by Samsung for Tizen and that is currently
discussed within kernel lists.
Also add some improvements of the LSM Smack (valid caching and signal 0).
These improvements are backports of patches already available for
linux 4.9-rc3.
AGL-bug: SPEC-293 (https://jira.automotivelinux.org/browse/SPEC-293)
Change-Id: I5999a951a4bbeba7947ebfe5df091de07d59e57e
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|