package/apparmor: new package
The various AppArmor utilities are spread in a few sub-directories of
the apparmor source tree. For now, we build only the parser, but we'll
soon introduce support for a few other utilities, so we prepare the
package to be able to build more than just the parser, hence the
slightly convoluted build and install commands, and the use of the
APPARMOR_TOOLS and APPARMOR_MAKE_OPTS variables, which will come handy
in the following commits.
We must ensure the version matches that of libapparmor, but there is not
much we can do to enforce that, so as we do for various other packages,
we just add a comment to that effect.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- make it a separate package
- split into its own patch, write a commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-27 21:38:37 +01:00
|
|
|
config BR2_PACKAGE_APPARMOR
|
|
|
|
|
bool "apparmor"
|
|
|
|
|
depends on BR2_USE_MMU # fork()
|
|
|
|
|
depends on BR2_INSTALL_LIBSTDCPP
|
|
|
|
|
depends on BR2_TOOLCHAIN_HAS_SYNC_4 # libapparmor
|
|
|
|
|
depends on BR2_TOOLCHAIN_HAS_THREADS # libapparmor
|
|
|
|
|
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_16 # libapparmor
|
|
|
|
|
select BR2_PACKAGE_LIBAPPARMOR
|
|
|
|
|
help
|
|
|
|
|
AppArmor is an effective and easy-to-use Linux application
|
|
|
|
|
security system. AppArmor proactively protects the operating
|
|
|
|
|
system and applications from external or internal threats,
|
|
|
|
|
even zero-day attacks, by enforcing good behavior and
|
|
|
|
|
preventing even unknown application flaws from being
|
|
|
|
|
exploited.
|
|
|
|
|
|
|
|
|
|
This package builds the parser (which can load profiles).
|
|
|
|
|
|
|
|
|
|
http://wiki.apparmor.net
|
|
|
|
|
|
2020-03-27 22:13:14 +01:00
|
|
|
if BR2_PACKAGE_APPARMOR
|
|
|
|
|
|
|
|
|
|
config BR2_PACKAGE_APPARMOR_BINUTILS
|
|
|
|
|
bool "binutils"
|
|
|
|
|
help
|
|
|
|
|
A set of utilities (written in C):
|
|
|
|
|
aa-enabled aa-exec
|
|
|
|
|
|
package/apparmor: add options to install utils
Most utilities are written in python3, except a few that are written in
a mixture of POSIX shell, bash, perl and awk.
The Makefile does not allow installing parts of it, but requiring all of
python3, bash, and perl to install the utils is too much of a
requirement.
Instead, we split the set in two, on one hand the python ones, which we
install when python3 is enabled, and on the other hand, the rest of the
script which we call 'extras', and which we install when all the extra
requirements (bash, perl, and busybox or gawk) are met; if not, then we
remove these extras utils as a post-install hook.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- split into its own patch
- re-arrange the conditions
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-29 09:55:01 +02:00
|
|
|
comment "utils need python3"
|
|
|
|
|
depends on !BR2_PACKAGE_PYTHON3
|
|
|
|
|
|
|
|
|
|
config BR2_PACKAGE_APPARMOR_UTILS
|
|
|
|
|
bool "utils"
|
|
|
|
|
depends on BR2_PACKAGE_PYTHON3
|
2020-05-08 03:59:55 +02:00
|
|
|
select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # net-tools
|
|
|
|
|
select BR2_PACKAGE_NET_TOOLS # runtime (aa-unconfined)
|
package/apparmor: add options to install utils
Most utilities are written in python3, except a few that are written in
a mixture of POSIX shell, bash, perl and awk.
The Makefile does not allow installing parts of it, but requiring all of
python3, bash, and perl to install the utils is too much of a
requirement.
Instead, we split the set in two, on one hand the python ones, which we
install when python3 is enabled, and on the other hand, the rest of the
script which we call 'extras', and which we install when all the extra
requirements (bash, perl, and busybox or gawk) are met; if not, then we
remove these extras utils as a post-install hook.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- split into its own patch
- re-arrange the conditions
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-29 09:55:01 +02:00
|
|
|
select BR2_PACKAGE_PYTHON3_READLINE
|
|
|
|
|
help
|
2020-05-08 03:59:54 +02:00
|
|
|
A set of utilities (written in python):
|
package/apparmor: add options to install utils
Most utilities are written in python3, except a few that are written in
a mixture of POSIX shell, bash, perl and awk.
The Makefile does not allow installing parts of it, but requiring all of
python3, bash, and perl to install the utils is too much of a
requirement.
Instead, we split the set in two, on one hand the python ones, which we
install when python3 is enabled, and on the other hand, the rest of the
script which we call 'extras', and which we install when all the extra
requirements (bash, perl, and busybox or gawk) are met; if not, then we
remove these extras utils as a post-install hook.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- split into its own patch
- re-arrange the conditions
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-29 09:55:01 +02:00
|
|
|
aa-audit aa-disable aa-logprof
|
|
|
|
|
aa-autodep aa-easyprof aa-mergeprof
|
|
|
|
|
aa-cleanprof aa-enforce aa-status
|
|
|
|
|
aa-complain aa-genprof aa-unconfined
|
|
|
|
|
|
|
|
|
|
if BR2_PACKAGE_APPARMOR_UTILS
|
|
|
|
|
|
|
|
|
|
comment "utils (extras) need bash and perl, and busybox or gawk"
|
|
|
|
|
depends on !BR2_PACKAGE_BASH || !BR2_PACKAGE_PERL \
|
|
|
|
|
|| !(BR2_PACKAGE_BUSYBOX || BR2_PACKAGE_GAWK)
|
|
|
|
|
|
|
|
|
|
config BR2_PACKAGE_APPARMOR_UTILS_EXTRA
|
|
|
|
|
bool "utils (extras)"
|
|
|
|
|
depends on BR2_PACKAGE_BASH
|
|
|
|
|
depends on BR2_PACKAGE_PERL
|
|
|
|
|
depends on BR2_PACKAGE_BUSYBOX || BR2_PACKAGE_GAWK
|
|
|
|
|
help
|
|
|
|
|
An extra set of utilities (written in a mixture of sh,
|
|
|
|
|
bash, perl, and awk):
|
|
|
|
|
aa-decode (bash + perl)
|
|
|
|
|
aa-notify (perl)
|
|
|
|
|
aa-remove-unknown (sh + awk)
|
|
|
|
|
|
|
|
|
|
endif # BR2_PACKAGE_APPARMOR_UTILS
|
|
|
|
|
|
2020-03-28 09:28:08 +01:00
|
|
|
config BR2_PACKAGE_APPARMOR_PROFILES
|
|
|
|
|
bool "profiles"
|
|
|
|
|
help
|
|
|
|
|
Installs server-class profiles for a wide range of
|
|
|
|
|
usual programs and daemons.
|
|
|
|
|
|
2020-03-27 22:13:14 +01:00
|
|
|
endif # BR2_PACKAGE_APPARMOR
|
|
|
|
|
|
package/apparmor: new package
The various AppArmor utilities are spread in a few sub-directories of
the apparmor source tree. For now, we build only the parser, but we'll
soon introduce support for a few other utilities, so we prepare the
package to be able to build more than just the parser, hence the
slightly convoluted build and install commands, and the use of the
APPARMOR_TOOLS and APPARMOR_MAKE_OPTS variables, which will come handy
in the following commits.
We must ensure the version matches that of libapparmor, but there is not
much we can do to enforce that, so as we do for various other packages,
we just add a comment to that effect.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- make it a separate package
- split into its own patch, write a commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-27 21:38:37 +01:00
|
|
|
comment "apparmor needs a toolchain w/ headers >= 3.16, threads, C++"
|
|
|
|
|
depends on BR2_USE_MMU
|
|
|
|
|
depends on BR2_TOOLCHAIN_HAS_SYNC_4
|
|
|
|
|
depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \
|
|
|
|
|
|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_16
|
