| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250824222813.92300-1-rdunlap@infradead.org>
Date: Sun, 24 Aug 2025 15:28:13 -0700
From: Randy Dunlap <rdunlap@...radead.org>
To: linux-kernel@...r.kernel.org
Cc: Randy Dunlap <rdunlap@...radead.org>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
keyrings@...r.kernel.org,
linux-security-module@...r.kernel.org,
Paul Moore <paul@...l-moore.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Subject: [PATCH] security: keys: use menuconfig for KEYS symbol
Give the KEYS kconfig symbol and its associated symbols a separate
menu space under Security options by using "menuconfig" instead of
"config".
This also makes it easier to find the security and LSM options.
Signed-off-by: Randy Dunlap <rdunlap@...radead.org>
---
Cc: David Howells <dhowells@...hat.com>
Cc: Jarkko Sakkinen <jarkko@...nel.org>
Cc: keyrings@...r.kernel.org
Cc: linux-security-module@...r.kernel.org
Cc: Paul Moore <paul@...l-moore.com>
Cc: James Morris <jmorris@...ei.org>
Cc: "Serge E. Hallyn" <serge@...lyn.com>
security/keys/Kconfig | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
--- linux-next-20250819.orig/security/keys/Kconfig
+++ linux-next-20250819/security/keys/Kconfig
@@ -3,7 +3,7 @@
# Key management configuration
#
-config KEYS
+menuconfig KEYS
bool "Enable access key retention support"
select ASSOCIATIVE_ARRAY
help
@@ -21,9 +21,10 @@ config KEYS
If you are unsure as to whether this is required, answer N.
+if KEYS
+
config KEYS_REQUEST_CACHE
bool "Enable temporary caching of the last request_key() result"
- depends on KEYS
help
This option causes the result of the last successful request_key()
call that didn't upcall to the kernel to be cached temporarily in the
@@ -41,7 +42,6 @@ config KEYS_REQUEST_CACHE
config PERSISTENT_KEYRINGS
bool "Enable register of persistent per-UID keyrings"
- depends on KEYS
help
This option provides a register of persistent per-UID keyrings,
primarily aimed at Kerberos key storage. The keyrings are persistent
@@ -58,7 +58,6 @@ config PERSISTENT_KEYRINGS
config BIG_KEYS
bool "Large payload keys"
- depends on KEYS
depends on TMPFS
select CRYPTO_LIB_CHACHA20POLY1305
help
@@ -70,7 +69,6 @@ config BIG_KEYS
config TRUSTED_KEYS
tristate "TRUSTED KEYS"
- depends on KEYS
help
This option provides support for creating, sealing, and unsealing
keys in the kernel. Trusted keys are random number symmetric keys,
@@ -85,7 +83,6 @@ endif
config ENCRYPTED_KEYS
tristate "ENCRYPTED KEYS"
- depends on KEYS
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_AES
@@ -114,7 +111,6 @@ config USER_DECRYPTED_DATA
config KEY_DH_OPERATIONS
bool "Diffie-Hellman operations on retained keys"
- depends on KEYS
select CRYPTO
select CRYPTO_KDF800108_CTR
select CRYPTO_DH
@@ -127,9 +123,11 @@ config KEY_DH_OPERATIONS
config KEY_NOTIFICATIONS
bool "Provide key/keyring change notifications"
- depends on KEYS && WATCH_QUEUE
+ depends on WATCH_QUEUE
help
This option provides support for getting change notifications
on keys and keyrings on which the caller has View permission.
This makes use of pipes to handle the notification buffer and
provides KEYCTL_WATCH_KEY to enable/disable watches.
+
+endif # KEYS
Powered by blists - more mailing lists