[patch 1/1] selinux: require AUDIT


 



Make SELinux depend on AUDIT as it requires the basic audit support to
log permission denials at all.  Note that AUDITSYSCALL remains optional
for SELinux, although it can be useful in providing further information
upon denials.  Please apply.

Signed-off-by:  Stephen Smalley <[email protected]>
Acked-by:  James Morris <[email protected]>

---

 init/Kconfig             |    1 -
 security/selinux/Kconfig |    2 +-
 security/selinux/avc.c   |    2 --
 3 files changed, 1 insertion(+), 4 deletions(-)

diff -rup -X /home/sds/dontdiff linux-2.6.16-rc2-git2/init/Kconfig linux-2.6.16-rc2-git2-x/init/Kconfig
--- linux-2.6.16-rc2-git2/init/Kconfig	2006-02-07 09:31:03.000000000 -0500
+++ linux-2.6.16-rc2-git2-x/init/Kconfig	2006-02-07 09:48:49.000000000 -0500
@@ -169,7 +169,6 @@ config SYSCTL
 config AUDIT
 	bool "Auditing support"
 	depends on NET
-	default y if SECURITY_SELINUX
 	help
 	  Enable auditing infrastructure that can be used with another
 	  kernel subsystem, such as SELinux (which requires this for
diff -rup -X /home/sds/dontdiff linux-2.6.16-rc2-git2/security/selinux/avc.c linux-2.6.16-rc2-git2-x/security/selinux/avc.c
--- linux-2.6.16-rc2-git2/security/selinux/avc.c	2006-02-06 11:44:47.000000000 -0500
+++ linux-2.6.16-rc2-git2-x/security/selinux/avc.c	2006-02-07 09:48:49.000000000 -0500
@@ -43,13 +43,11 @@ static const struct av_perm_to_string
 #undef S_
 };
 
-#ifdef CONFIG_AUDIT
 static const char *class_to_string[] = {
 #define S_(s) s,
 #include "class_to_string.h"
 #undef S_
 };
-#endif
 
 #define TB_(s) static const char * s [] = {
 #define TE_(s) };
diff -rup -X /home/sds/dontdiff linux-2.6.16-rc2-git2/security/selinux/Kconfig linux-2.6.16-rc2-git2-x/security/selinux/Kconfig
--- linux-2.6.16-rc2-git2/security/selinux/Kconfig	2006-02-07 09:31:03.000000000 -0500
+++ linux-2.6.16-rc2-git2-x/security/selinux/Kconfig	2006-02-07 09:48:49.000000000 -0500
@@ -1,6 +1,6 @@
 config SECURITY_SELINUX
 	bool "NSA SELinux Support"
-	depends on SECURITY_NETWORK && NET && INET
+	depends on SECURITY_NETWORK && AUDIT && NET && INET
 	default n
 	help
 	  This selects NSA Security-Enhanced Linux (SELinux).
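Review bot: With `AUDIT` added to the `depends on` line here and `default y if SECURITY_SELINUX` removed from init/Kconfig, an existing .config that has SECURITY_SELINUX=y but AUDIT unset would, as far as I can tell, lose SELinux at the next `make oldconfig` without a prompt, leaving the kernel built without mandatory access control. Consider `select AUDIT` instead of the dependency (the init/Kconfig hunk shows AUDIT depending only on NET, which is already required here), or at least state the requirement in the help text, e.g. `SELinux requires Auditing support (CONFIG_AUDIT) to log permission denials; enable it first.` The help block continues past the end of this hunk, so its existing wording is not visible here.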

-- 
Stephen Smalley
National Security Agency

