lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 28 May 2010 03:11:09 +0500
From:	Shaz <shazalive@...il.com>
To:	James Morris <jmorris@...ei.org>
Cc:	linux-kernel@...r.kernel.org
Subject: [PATCH] Correcting Kconfig for default security module

Dear James,

The following patch removes the confusion that if someone want to have
LSM as secondary and chooses DAC as the default. This will disable LSM
as discussed on SELinux mailing list.

------------------------------------------------------------------------------------------------------------------------------------------------------------

diff -uNr linux-2.6.34/security/Kconfig linux-2.6.34-my/security/Kconfig
--- linux-2.6.34-orig/security/Kconfig	2010-05-17 02:17:36.000000000 +0500
+++ linux-2.6.34/security/Kconfig	2010-05-28 02:43:07.000000000 +0500
@@ -148,11 +148,10 @@
 	default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
 	default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
 	default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
-	default DEFAULT_SECURITY_DAC

 	help
 	  Select the security module that will be used by default if the
-	  kernel parameter security= is not specified.
+	  kernel parameter security= is not specified. DAC stays as the default.

 	config DEFAULT_SECURITY_SELINUX
 		bool "SELinux" if SECURITY_SELINUX=y
@@ -163,9 +162,7 @@
 	config DEFAULT_SECURITY_TOMOYO
 		bool "TOMOYO" if SECURITY_TOMOYO=y

-	config DEFAULT_SECURITY_DAC
-		bool "Unix Discretionary Access Controls"
-
+	
 endchoice

 config DEFAULT_SECURITY

-- 
Shaz
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ