Config snippets should be used over file overrides since targeted
changes may be required in multiple recipes.
Since the oe-core sshd_config file now includes
/etc/ssh/sshd_config.d/*.conf, the meta-selinux configuration snippet
does not require the following:
* ChallengeResponseAutnetication: Replaced by
KbdInteractiveAuthentication and set to "no" by default
* Override default of no subsystems: This is already present
* Compression, ClientAliveInterval, and ClientAliveCountMax: No changes
required due to identical requirements of meta-selinux
Testing process:
* Pulled modified meta-selinux layer into Poky and included openssh
* Built core-image-sato and ran via qemu
* Verified /etc/ssh was as expected with an ssh_config.d directory with
the new selinux config snippet inside
* Verified system was including selinux config modification by running
sshd -T
Suggested-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Levi Shafter <lshafter@21sw.us>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
