When I run zcat /proc/config.gz I see that some options aren't applied Some of these aren't enabled: CONFIG_AUDIT=y CONFIG_NETWORK_SECMARK=y CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS_SECURITY=y CONFIG_JFS_SECURITY=y CONFIG_REISERFS_FS_SECURITY=y CONFIG_JFFS2_FS_SECURITY=y CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 CONFIG_AUDIT_GENERIC=y
For instance on my device I have: # # Security options # CONFIG_KEYS=y # CONFIG_PERSISTENT_KEYRINGS is not set # CONFIG_BIG_KEYS is not set # CONFIG_ENCRYPTED_KEYS is not set # CONFIG_KEY_DH_OPERATIONS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set *# CONFIG_SECURITY is not set* CONFIG_SECURITYFS=y CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y # CONFIG_HARDENED_USERCOPY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_CRYPTO=y It seems that cgf file isn't applied at all. Do you have other ideas to apply these changes manually, instead on a custom-layer to try to understand if I made an error in my layer or if is it something else? thank you. Il giorno lun 29 ott 2018 alle ore 18:34 Otavio Salvador < [email protected]> ha scritto: > On Mon, Oct 29, 2018 at 9:34 AM Stefano Cappa > <[email protected]> wrote: > > Do you know if there is a config property for xattrs in .Cfg file? > > Not on top of head. > > -- > Otavio Salvador O.S. Systems > http://www.ossystems.com.br http://code.ossystems.com.br > Mobile: +55 (53) 9 9981-7854 Mobile: +1 (347) 903-9750 > <(347)%20903-9750> >
-- _______________________________________________ meta-freescale mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-freescale
