On 21 Jun 2017, at 23:46, Khem Raj <[email protected]> wrote:
> On Tue, Jun 20, 2017 at 9:56 AM Anders Montonen <[email protected]
> <mailto:[email protected]>> wrote:
> Has anyone tried using AppArmor with Yocto? The recipe in the
> meta-security layer is broken, and when fixed so it actually builds, it
> turns out the installed init script relies on functions not found in
> Yocto's version of LSB.
> That seems a bug to me perhaps can be fixed in initscripts ?
I ended up replacing the recipe with one combining the one from meta-security
and from the OpenSwitch project[1]. This allowed me to get rid of the sysvinit
and apache2 dependencies. I’ll have to look for Tom Rini’s tweaks and see if he
fixed the Python issues more elegantly.
IIRC the issues I ran into with the meta-security recipe were:
- The tools under binutils require the static library
- The systemd service file isn’t installed
- The Python apparmor module is built against Python 2.7, while the scripts
that use it are Python 3. Commit
89683b4fee4616a08d249bc7afd7be55f3fa71a3 is wrong, it papers over a QA warning
without fixing the actual problem.
- The Python LibAppArmor module isn’t built at all.
Regards,
Anders
[1]
<http://git.openswitch.net/cgit/openswitch/ops-build/tree/yocto/openswitch/meta-foss-openswitch/recipes-security/apparmor
<http://git.openswitch.net/cgit/openswitch/ops-build/tree/yocto/openswitch/meta-foss-openswitch/recipes-security/apparmor/apparmor_2.10.95.bb?h=master>>
--
_______________________________________________
yocto mailing list
[email protected]
https://lists.yoctoproject.org/listinfo/yocto
