| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20061125221902.81746eac.chris@friedhoff.org> Date: Sat, 25 Nov 2006 22:19:02 +0100 From: Chris Friedhoff <chris@...edhoff.org> To: "Serge E. Hallyn" <serue@...ibm.com> Cc: Andrew Morton <akpm@...l.org>, Chris Friedhoff <chris@...edhoff.org>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Stephen Smalley <sds@...ho.nsa.gov>, James Morris <jmorris@...ei.org>, Chris Wright <chrisw@...s-sol.org>, KaiGai Kohei <kaigai@...gai.gr.jp>, Alexey Dobriyan <adobriyan@...il.com> Subject: Re: file caps: permit unsafe signaling when CONFIG_FS_CAPS=n Serge, may I ask you to send a new complete patch with Andrew Mortons additions and this change and a new changelog entry. Thanks Chris On Fri, 24 Nov 2006 12:17:42 -0600 "Serge E. Hallyn" <serue@...ibm.com> wrote: > Quoting Serge E. Hallyn (serue@...ibm.com): > > Ok, the following patch restores the CONFIG_FS_CAPS=n signaling > > behavior, but I'm having a config problem. When > > CONFIG_SECURITY_CAPABILITIES=n, and I toggle > > CONFIG_SECURITY_FS_CAPABILITIES between y and n, security/commoncap.o > > does not recompile. However since capabilities are now the default > > security module, commoncap.o is in fact included in the kernel build, > > and therefore should be recompiled. > > > > Looking into why, but maybe someone knows offhand what would be going > > wrong? > > Uh, never mind. It does the right thing. CONFIG_SECURITY=n means we > use capabilities, but CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=n > means we use dummy. The following patch fixes the Kconfig accordingly. > > From: Serge E. Hallyn <serue@...ibm.com> > Subject: [PATCH 1/1] file caps: don't show FILE_CAPABILITIES option when not relevant > > FILE_CAPABILITIES are relevant when CONFIG_SECURITY=n, but not when > CONFIG_SECURITY=y && CONFIG_SECURITY_CAPABILITIES=n. So make > CONFIG_SECURITY_FS_CAPABILITIES depend on the right conditions. > > Signed-off-by: Serge E. Hallyn <serue@...ibm.com> > --- > security/Kconfig | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/security/Kconfig b/security/Kconfig > index 6c9d69e..1b47f01 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -82,6 +82,7 @@ config SECURITY_CAPABILITIES > > config SECURITY_FS_CAPABILITIES > bool "File POSIX Capabilities" > + depends on SECURITY=n || SECURITY_CAPABILITIES=y > default n > help > This enables filesystem capabilities, allowing you to give > -- > 1.4.1 > -------------------- Chris Friedhoff chris@...edhoff.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists