[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20071009162812.00e80a0c.randy.dunlap@oracle.com>
Date: Tue, 9 Oct 2007 16:28:12 -0700
From: Randy Dunlap <randy.dunlap@...cle.com>
To: James Morris <jmorris@...ei.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org, Stephen Smalley <sds@...ho.nsa.gov>
Subject: Re: [PATCH 1/6] SELinux: change Kconfig to use select instead of
depends
On Wed, 10 Oct 2007 09:19:55 +1000 (EST) James Morris wrote:
> From: Eric Paris <eparis@...hat.com>
>
> Changes the security/selinux/Kconfig to use select instead of depends
> for most of the SELinux requirements. This allows the SELinux option to
> show up when people do a make config without already knowing they had to
> enable audit and other non-obvious choices. Added a depends on SECURITY
> (which previously existed through SECURITY_NETWORK) so that SELinux
> would not always show up, but would be easy and intuitive to find.
>
> Signed-off-by: Eric Paris <eparis@...hat.com>
> Acked-by: Stephen Smalley <sds@...ho.nsa.gov>
> Signed-off-by: James Morris <jmorris@...amei>
> ---
> security/selinux/Kconfig | 7 ++++++-
> 1 files changed, 6 insertions(+), 1 deletions(-)
>
> diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
> index b32a459..40b97e6 100644
> --- a/security/selinux/Kconfig
> +++ b/security/selinux/Kconfig
> @@ -1,6 +1,10 @@
> config SECURITY_SELINUX
> bool "NSA SELinux Support"
> - depends on SECURITY_NETWORK && AUDIT && NET && INET
> + depends on SECURITY
> + select SECURITY_NETWORK
> + select AUDIT
> + select NET
> + select INET
> select NETWORK_SECMARK
> default n
> help
I doth protest. Enabling the entire NET subsystem thru a hidden
select is awful. Select should be used (sparingly) to enable
library code only. If someone wants NET enabled, they should
enable it overtly, not covertly.
> @@ -9,6 +13,7 @@ config SECURITY_SELINUX
> You can obtain the policy compiler (checkpolicy), the utility for
> labeling filesystems (setfiles), and an example policy configuration
> from <http://www.nsa.gov/selinux/>.
> +
> If you are unsure how to answer this question, answer N.
>
> config SECURITY_SELINUX_BOOTPARAM
---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists