README.md: initial layer descriptionsandbox/pohly/security

Also contains instructions for configuring via local.conf.

Change-Id: Ib9b765ad7e5fb7ef9f8113b95a2dd714c2cb24f7

1 files changed, 30 insertions, 0 deletions

diff --git a/meta-tizen-security/README.md b/meta-tizen-security/README.md
new file mode 100644
index 00000000..57ea64c2
--- /dev/null
+++ b/meta-tizen-security/README.md
@@ -0,0 +1,30 @@
+This layer adds security components and configuration from Tizen to a
+standard OE distribution.
+
+It has some dependencies on a suitable BSP; in particular the kernel
+must have certain Smack-related patches. For linux-yocto 3.14, the
+necessary patches are added by this layer. The necessary kernel
+configuration parameters are added to all kernel versions by this
+layer.
+
+To enable security, add the layer bblayers.conf and in the following entries
+to local.conf:
+
+# Enable Smack support. Eventually this needs to move into a distro conf
+# where it needs to be added to DISTROOVERRIDES depending on a distro
+# feature.
+OVERRIDES .= ":smack"
+
+# Enable systemd.
+DISTRO_FEATURES_append = " pam"
+DISTRO_FEATURES_append += " systemd"
+VIRTUAL-RUNTIME_init_manager = "systemd"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+VIRTUAL-RUNTIME_initscripts = ""
+# CORE_IMAGE_EXTRA_INSTALL += "systemd-analyze"
+
+# Need Smack support in file utilities.
+CORE_IMAGE_EXTRA_INSTALL += "coreutils"
+
+# Having Smack utilities is useful.
+CORE_IMAGE_EXTRA_INSTALL += "smack-userspace"