Support the apparmor security module in kernel by default
both for std and rt kernel type.
The design is that apparmor is disabled during boot but
can be enabled by changing the kernel parameters.
Test Plan:
Pass: build-image ok and install the ISO image with qemu:
qemu-img create -f raw boot-image-qemu.hddimg 300G
qemu-system-x86_64 with starlingx-intel-x86-64-cd.iso
After installation and login the system:
$cat /sys/module/apparmor/parameters/enabled
N
$aa-status
apparmor module is loaded.
apparmor filesystem is not mounted.
Pass: Based on above test, run
#sudo reboot
Enter 'e' when grub menu prompts and append 'apparmor=1
security=apparmor' to the
After login, run:
$cat /sys/module/apparmor/parameters/enabled
Y
$aa-status
apparmor module is loaded.
9 profiles are loaded.
8 profiles are in enforce mode.
[The following commit ensures that apparmor is disabled by default]
Depends-On: https://review.opendev.org/c/starlingx/tools/+/849252
Story: 2009221
Task: 45726
Signed-off-by: Haiqing Bai <haiqing.bai@windriver.com>
Change-Id: Ic4ec220a68a2f5c6fb4f18e40f72627ce0890d75
9c3189c99c