synit
/
pmbootstrap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pmb.parse.kconfig: remove apparmor check (MR 2200) 

Remove the check as apparmor is not the way we want to go for privilege
separation anymore.
See https://gitlab.com/postmarketOS/pmaports/-/issues/1596
This commit is contained in:
Luca Weiss 2022-09-04 19:10:48 +02:00
parent 0132af72b5
commit 52530caaf8
No known key found for this signature in database
GPG Key ID: 5AE7F5513E0885CB
4 changed files with 0 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
pmb/config/__init__.py
View File

@ -370,26 +370,6 @@ necessary_kconfig_options_anbox = {
}
}
# Necessary apparmor kernel config options (mandatory access control)
# LSM: the value that "config LSM" sets in security/Kconfig, if
# DEFAULT_SECURITY_APPARMOR is set (and other DEFAULT_SECURITY_* are unset).
necessary_kconfig_options_apparmor = {
">=0.0.0": { # all versions
"all": { # all arches
"AUDIT": True,
"DEFAULT_SECURITY_APPARMOR": True,
"LSM": "landlock,lockdown,yama,loadpin,safesetid,integrity,"
"apparmor,selinux,smack,tomoyo,bpf",
"SECURITY_APPARMOR": True,
},
},
"<5.1": {
"all": {
"SECURITY_APPARMOR_BOOTPARAM_VALUE": True,
},
},
}
# Necessary iwd kernel config options (inet wireless daemon)
# Obtained from 'grep ADD_MISSING src/main.c' in iwd.git
necessary_kconfig_options_iwd = {

1
pmb/helpers/frontend.py
View File

@ -415,7 +415,6 @@ def kconfig(args):
if not pmb.parse.kconfig.check(
args, package,
force_anbox_check=args.anbox,
force_apparmor_check=args.apparmor,
force_iwd_check=args.iwd,
force_nftables_check=args.nftables,
force_containers_check=args.containers,

2
pmb/parse/arguments.py
View File

@ -466,8 +466,6 @@ def arguments_kconfig(subparser):
" directly instead of a config in a package")
check.add_argument("--anbox", action="store_true", help="check"
" options needed for anbox too")
check.add_argument("--apparmor", action="store_true", help="check"
" options needed for apparmor too")
check.add_argument("--iwd", action="store_true", help="check"
" options needed for iwd too")
check.add_argument("--nftables", action="store_true", help="check"

7
pmb/parse/kconfig.py
View File

@ -86,7 +86,6 @@ def check_option(component, details, config, config_path_pretty, option,
def check_config(config_path, config_path_pretty, config_arch, pkgver,
anbox=False,
apparmor=False,
iwd=False,
nftables=False,
containers=False,
@ -101,8 +100,6 @@ def check_config(config_path, config_path_pretty, config_arch, pkgver,
components = {"postmarketOS": pmb.config.necessary_kconfig_options}
if anbox:
components["anbox"] = pmb.config.necessary_kconfig_options_anbox
if apparmor:
components["apparmor"] = pmb.config.necessary_kconfig_options_apparmor
if iwd:
components["iwd"] = pmb.config.necessary_kconfig_options_iwd
if nftables:
@ -160,7 +157,6 @@ def check_config_options_set(config, config_path_pretty, config_arch, options,
def check(args, pkgname,
force_anbox_check=False,
force_apparmor_check=False,
force_iwd_check=False,
force_nftables_check=False,
force_containers_check=False,
@ -190,8 +186,6 @@ def check(args, pkgname,
pkgver = apkbuild["pkgver"]
check_anbox = force_anbox_check or (
"pmb:kconfigcheck-anbox" in apkbuild["options"])
check_apparmor = force_apparmor_check or (
"pmb:kconfigcheck-apparmor" in apkbuild["options"])
check_iwd = force_iwd_check or (
"pmb:kconfigcheck-iwd" in apkbuild["options"])
check_nftables = force_nftables_check or (
@ -223,7 +217,6 @@ def check(args, pkgname,
ret &= check_config(config_path, config_path_pretty, config_arch,
pkgver,
anbox=check_anbox,
apparmor=check_apparmor,
iwd=check_iwd,
nftables=check_nftables,
containers=check_containers,