Make SELinux depend on AUDIT as it requires the basic audit support to
log permission denials at all. Note that AUDITSYSCALL remains optional
for SELinux, although it can be useful in providing further information
upon denials. Please apply.
Signed-off-by: Stephen Smalley <[email protected]>
Acked-by: James Morris <[email protected]>
---
init/Kconfig | 1 -
security/selinux/Kconfig | 2 +-
security/selinux/avc.c | 2 --
3 files changed, 1 insertion(+), 4 deletions(-)
diff -rup -X /home/sds/dontdiff linux-2.6.16-rc2-git2/init/Kconfig linux-2.6.16-rc2-git2-x/init/Kconfig
--- linux-2.6.16-rc2-git2/init/Kconfig 2006-02-07 09:31:03.000000000 -0500
+++ linux-2.6.16-rc2-git2-x/init/Kconfig 2006-02-07 09:48:49.000000000 -0500
@@ -169,7 +169,6 @@ config SYSCTL
config AUDIT
bool "Auditing support"
depends on NET
- default y if SECURITY_SELINUX
help
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
diff -rup -X /home/sds/dontdiff linux-2.6.16-rc2-git2/security/selinux/avc.c linux-2.6.16-rc2-git2-x/security/selinux/avc.c
--- linux-2.6.16-rc2-git2/security/selinux/avc.c 2006-02-06 11:44:47.000000000 -0500
+++ linux-2.6.16-rc2-git2-x/security/selinux/avc.c 2006-02-07 09:48:49.000000000 -0500
@@ -43,13 +43,11 @@ static const struct av_perm_to_string
#undef S_
};
-#ifdef CONFIG_AUDIT
static const char *class_to_string[] = {
#define S_(s) s,
#include "class_to_string.h"
#undef S_
};
-#endif
#define TB_(s) static const char * s [] = {
#define TE_(s) };
diff -rup -X /home/sds/dontdiff linux-2.6.16-rc2-git2/security/selinux/Kconfig linux-2.6.16-rc2-git2-x/security/selinux/Kconfig
--- linux-2.6.16-rc2-git2/security/selinux/Kconfig 2006-02-07 09:31:03.000000000 -0500
+++ linux-2.6.16-rc2-git2-x/security/selinux/Kconfig 2006-02-07 09:48:49.000000000 -0500
@@ -1,6 +1,6 @@
config SECURITY_SELINUX
bool "NSA SELinux Support"
- depends on SECURITY_NETWORK && NET && INET
+ depends on SECURITY_NETWORK && AUDIT && NET && INET
default n
help
This selects NSA Security-Enhanced Linux (SELinux).
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]