Author: zbyniu
Date: Thu May 29 14:20:26 2008 GMT
Module: SPECS
Tag: LINUX_2_6
---- Log message:
- shy apparmor back, needs testing so bconded
---- Files affected: SPECS: kernel.spec (1.441.2.1913 -> 1.441.2.1914) ---- Diffs: ================================================================ Index: SPECS/kernel.spec diff -u SPECS/kernel.spec:1.441.2.1913 SPECS/kernel.spec:1.441.2.1914 --- SPECS/kernel.spec:1.441.2.1913 Mon May 26 17:45:44 2008 +++ SPECS/kernel.spec Thu May 29 16:20:20 2008 @@ -7,7 +7,7 @@ # # TODO: # - benchmark NO_HZ & HZ=1000 vs HZ=300 on i686 -# - apparmor (no future?) +# - apparmor (needs testing) # # FUTURE: # - update xen patch @@ -41,8 +41,8 @@ %bcond_without vserver # support for VServer (enabled by default) %bcond_without tuxonice # support for tuxonice (ex-suspend2) (enabled by default) - %bcond_with vs22 # use vserver 2.2 instead of 2.3 (see comment near patch 102) +%bcond_with apparmor # build kernel with apparmor (very exerimental mix) %bcond_with rescuecd # build kernel for our rescue @@ -335,8 +335,10 @@ # (only warnings, so just remove parts of this patch if conflics) Patch2500: linux-2.6-warnings.patch -Patch5000: apparmor-2.6.20.3-v405-fullseries.diff -Patch5001: linux-2.6-apparmor-caps.patch +# based on https://forgesvn1.novell.com/svn/apparmor/trunk/kernel-patches/2.6.25 rev 1266 +# repatched and adapted for vserver/grsec changes in vfs API, very experimental +Patch5000: kernel-apparmor.patch +#Patch5001: linux-2.6-apparmor-caps.patch # for rescuecd # based on http://ftp.leg.uct.ac.za/pub/linux/rip/inittmpfs-2.6.14.diff.gz @@ -877,11 +879,6 @@ %patch2500 -p1 -# FIXME !!! 2.6.24 (no modular security? crap) -# Apparmor -# %patch5000 -p1 -# %patch5001 -p1 - %if %{with rescuecd} %patch7000 -p1 %patch7001 -p1 @@ -926,6 +923,12 @@ # # end of grsecurity & pax stuff +# apparmor +%if %{with apparmor} +%patch5000 -p1 +# %patch5001 -p1 +%endif + %ifarch ppc ppc64 #patch200 -p1 %endif 
@@ -1173,6 +1176,17 @@ RescueConfig %{defconfig} %endif +# apparmor, will be moved to external file if works +%if %{with apparmor} +echo CONFIG_SECURITY_APPARMOR=y >> %{defconfig} +echo CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 >> %{defconfig} +echo "# CONFIG_SECURITY_APPARMOR_DISABLE is not set" >> %{defconfig} +# patch for unionfs not ready yet +sed -i "s:CONFIG_UNION_FS=m:# CONFIG_UNION_FS is not set:" %{defconfig} +# some conflict with smack, todo +sed -i "s:CONFIG_SECURITY_SMACK=y:# CONFIG_SECURITY_SMACK is not set:" %{defconfig} +%endif + %{?debug:sed -i "s:# CONFIG_DEBUG_SLAB is not set:CONFIG_DEBUG_SLAB=y:" %{defconfig}} %{?debug:sed -i "s:# CONFIG_DEBUG_PREEMPT is not set:CONFIG_DEBUG_PREEMPT=y:" %{defconfig}} %{?debug:sed -i "s:# CONFIG_RT_DEADLOCK_DETECT is not set:CONFIG_RT_DEADLOCK_DETECT=y:" %{defconfig}} @@ -1686,6 +1700,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.441.2.1914 2008-05-29 14:20:20 zbyniu +- shy apparmor back, needs testing so bconded + Revision 1.441.2.1913 2008-05-26 15:45:44 zbyniu - bcond myown; fixed %files on sparc ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/kernel.spec?r1=1.441.2.1913&r2=1.441.2.1914&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
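Review bot: In the hunk at -41,8, the description on the new "%bcond_with apparmor" line misspells "experimental" as "exerimental". That comment is also the place to say that turning the bcond on switches off SMACK and unionfs in the defconfig (the -1173,6 hunk), since someone reading only the bcond list would not expect enabling one LSM to drop another.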
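Review bot: In the hunk at -335,8, "#Patch5001: linux-2.6-apparmor-caps.patch" is left commented out with no reason given, and the matching "# %patch5001 -p1" is carried into the new %if block at -926,6. Either drop both, or add a word on whether the caps patch is superseded by kernel-apparmor.patch or still waiting to be ported. The provenance comment (svn URL and rev 1266) is useful; because the patch is described as repatched for the vserver/grsec vfs API changes, a short list of the local modifications would help whoever rebases it next.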
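Review bot: In the hunk at -926,6, "%patch5000 -p1" is guarded only by "%{with apparmor}", yet the Patch5000 comment says the patch was adapted to the vserver/grsec changes in the vfs API, and vserver is itself optional ("%bcond_without vserver" in the -41,8 context). With apparmor on and vserver off the patch would likely be applied against a tree it was not adapted to. Consider an explicit check that stops the build with a clear error for that combination, or note the dependency next to the bcond.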
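Review bot: In the hunk at -1173,6, the two "sed -i" substitutions each match one exact value ("CONFIG_UNION_FS=m", "CONFIG_SECURITY_SMACK=y") and do nothing, without any error, when the defconfig carries a different value such as "CONFIG_UNION_FS=y". Since the comments say unionfs is not patched yet and SMACK conflicts, match any value for the option, or fail the build if either option is still set after the edit. The "echo ... >> %{defconfig}" lines also append without checking for an existing CONFIG_SECURITY_APPARMOR entry, so a defconfig that already has one would end up with two lines for the same symbol.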
