On Wed, 10 Oct 2007 09:19:55 +1000 (EST) James Morris wrote:
> From: Eric Paris <[email protected]>
>
> Changes the security/selinux/Kconfig to use select instead of depends
> for most of the SELinux requirements. This allows the SELinux option to
> show up when people do a make config without already knowing they had to
> enable audit and other non-obvious choices. Added a depends on SECURITY
> (which previously existed through SECURITY_NETWORK) so that SELinux
> would not always show up, but would be easy and intuitive to find.
>
> Signed-off-by: Eric Paris <[email protected]>
> Acked-by: Stephen Smalley <[email protected]>
> Signed-off-by: James Morris <[email protected]>
> ---
> security/selinux/Kconfig | 7 ++++++-
> 1 files changed, 6 insertions(+), 1 deletions(-)
>
> diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
> index b32a459..40b97e6 100644
> --- a/security/selinux/Kconfig
> +++ b/security/selinux/Kconfig
> @@ -1,6 +1,10 @@
> config SECURITY_SELINUX
> bool "NSA SELinux Support"
> - depends on SECURITY_NETWORK && AUDIT && NET && INET
> + depends on SECURITY
> + select SECURITY_NETWORK
> + select AUDIT
> + select NET
> + select INET
> select NETWORK_SECMARK
> default n
> help
I doth protest. Enabling the entire NET subsystem thru a hidden
select is awful. Select should be used (sparingly) to enable
library code only. If someone wants NET enabled, they should
enable it overtly, not covertly.
> @@ -9,6 +13,7 @@ config SECURITY_SELINUX
> You can obtain the policy compiler (checkpolicy), the utility for
> labeling filesystems (setfiles), and an example policy configuration
> from <http://www.nsa.gov/selinux/>.
> +
> If you are unsure how to answer this question, answer N.
>
> config SECURITY_SELINUX_BOOTPARAM
---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]