| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071003222746.GA1562@sergelap.austin.ibm.com> Date: Wed, 3 Oct 2007 17:27:46 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: lkml <linux-kernel@...r.kernel.org> Cc: Chris Wright <chrisw@...s-sol.org>, Andrew Morgan <morgan@...nel.org>, linux-security-module@...r.kernel.org Subject: [PATCH 1/2 -mm] capabilities: define CONFIG_COMMONCAP >From 54c70ca7671750fe8986451fae91d42107d0ca90 Mon Sep 17 00:00:00 2001 From: Serge E. Hallyn <serue@...ibm.com> Date: Fri, 28 Sep 2007 10:33:33 -0500 Subject: [PATCH 1/2 -mm] capabilities: define CONFIG_COMMONCAP currently the compilation of commoncap.c is determined through Makefile logic. So there is no single CONFIG variable which can be relied upon to know whether it will be compiled. Define CONFIG_COMMONCAP to be true when lsm is not compiled in, or when the capability or rootplug modules are compiled. These are the cases when commoncap is currently compiled. Use this variable in security/Makefile to determine commoncap.c's compilation. Apart from being a logic cleanup, this is needed by the upcoming cap_bset patch so that prctl can know whether PR_SET_BSET should be allowed. Signed-off-by: Serge E. Hallyn <serue@...ibm.com> --- security/Kconfig | 4 ++++ security/Makefile | 9 +++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/security/Kconfig b/security/Kconfig index 8086e61..02b33fa 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -103,6 +103,10 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. +config COMMONCAP + bool + default !SECURITY || SECURITY_CAPABILITIES || SECURITY_ROOTPLUG + source security/selinux/Kconfig endmenu diff --git a/security/Makefile b/security/Makefile index ef87df2..7cccc81 100644 --- a/security/Makefile +++ b/security/Makefile @@ -5,14 +5,11 @@ obj-$(CONFIG_KEYS) += keys/ subdir-$(CONFIG_SECURITY_SELINUX) += selinux -# if we don't select a security model, use the default capabilities -ifneq ($(CONFIG_SECURITY),y) -obj-y += commoncap.o -endif +obj-$(CONFIG_COMMONCAP) += commoncap.o # Object file lists obj-$(CONFIG_SECURITY) += security.o dummy.o inode.o # Must precede capability.o in order to stack properly. obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o -obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o -obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o +obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o +obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o -- 1.5.1.1.GIT - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists