[PATCH 1/1] UBUNTU: ARM: Enable AA with SECURITYFS for imx51

Tim Gardner tim.gardner at canonical.com
Wed Mar 25 19:06:15 UTC 2009 

Brad Figg wrote:
> Amit Kucheria wrote:
>> On Wed, Mar 25, 2009 at 01:11:23PM +0000, Andy Whitcroft wrote:
>>> On Tue, Mar 24, 2009 at 03:43:46PM -0700, Brad Figg wrote:
>>>> It is necessary to have SECURITYFS enabled at the same time
>>>> as AA.
>>>>
>>>> Signed-off-by: Brad Figg <brad.figg at canonical.com>
>>>> ---
>>>>  debian/config/armel/config           |    1 -
>>>>  debian/config/armel/config.imx51     |    3 ++-
>>>>  debian/config/armel/config.iop32x    |    1 +
>>>>  debian/config/armel/config.ixp4xx    |    1 +
>>>>  debian/config/armel/config.versatile |    1 +
>>>>  5 files changed, 5 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/debian/config/armel/config b/debian/config/armel/config
>>>> index f485def..47bd110 100644
>>>> --- a/debian/config/armel/config
>>>> +++ b/debian/config/armel/config
>>>> @@ -322,7 +322,6 @@ CONFIG_SCSI_DMA=y
>>>>  # CONFIG_SCSI_LOGGING is not set
>>>>  # CONFIG_SCSI_SRP_ATTRS is not set
>>>>  CONFIG_SCSI_WAIT_SCAN=m
>>>> -# CONFIG_SECURITYFS is not set
>>>>  CONFIG_SELECT_MEMORY_MODEL=y
>>>>  CONFIG_SERIAL_CORE=y
>>>>  CONFIG_SERIAL_CORE_CONSOLE=y
>>>> diff --git a/debian/config/armel/config.imx51 b/debian/config/armel/config.imx51
>>>> index 335aa0d..36abaa3 100644
>>>> --- a/debian/config/armel/config.imx51
>>>> +++ b/debian/config/armel/config.imx51
>>>> @@ -1186,8 +1186,9 @@ CONFIG_SDIO_UNIFI_FS=m
>>>>  CONFIG_SDMA_IRAM=y
>>>>  CONFIG_SDMA_IRAM_SIZE=0x1000
>>>>  CONFIG_SECURITY=y
>>>> +CONFIG_SECURITYFS=y
>>>>  CONFIG_SECURITY_APPARMOR=y
>>>> -CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
>>>> +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
>>> Do we know why this changed here?
>> 0 -> 1?
>>
>> That enables AA on bootup. We were compiling AA in, but disabling it on bootup till Brad found the problem.
>>
> 
> I thought that since I'd found the problem and turned on the securityfs
> in the config we'd want to enable AA.
> 
> Was I mistaken?
> 
> Brad
> 

You are not mistaken. Enabling AA was the whole point of this patch set
AFAIUI.

-- 
Tim Gardner tim.gardner at canonical.com

More information about the kernel-team mailing list