| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aKzot67f7F3wtHs7@kernel.org> Date: Tue, 26 Aug 2025 01:50:31 +0300 From: Jarkko Sakkinen <jarkko@...nel.org> To: Randy Dunlap <rdunlap@...radead.org> Cc: linux-kernel@...r.kernel.org, David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org, linux-security-module@...r.kernel.org, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com> Subject: Re: [PATCH] security: keys: use menuconfig for KEYS symbol On Sun, Aug 24, 2025 at 03:28:13PM -0700, Randy Dunlap wrote: > Give the KEYS kconfig symbol and its associated symbols a separate > menu space under Security options by using "menuconfig" instead of > "config". > > This also makes it easier to find the security and LSM options. > > Signed-off-by: Randy Dunlap <rdunlap@...radead.org> > --- > Cc: David Howells <dhowells@...hat.com> > Cc: Jarkko Sakkinen <jarkko@...nel.org> > Cc: keyrings@...r.kernel.org > Cc: linux-security-module@...r.kernel.org > Cc: Paul Moore <paul@...l-moore.com> > Cc: James Morris <jmorris@...ei.org> > Cc: "Serge E. Hallyn" <serge@...lyn.com> > > security/keys/Kconfig | 14 ++++++-------- > 1 file changed, 6 insertions(+), 8 deletions(-) > > --- linux-next-20250819.orig/security/keys/Kconfig > +++ linux-next-20250819/security/keys/Kconfig > @@ -3,7 +3,7 @@ > # Key management configuration > # > > -config KEYS > +menuconfig KEYS > bool "Enable access key retention support" > select ASSOCIATIVE_ARRAY > help > @@ -21,9 +21,10 @@ config KEYS > > If you are unsure as to whether this is required, answer N. > > +if KEYS > + > config KEYS_REQUEST_CACHE > bool "Enable temporary caching of the last request_key() result" > - depends on KEYS > help > This option causes the result of the last successful request_key() > call that didn't upcall to the kernel to be cached temporarily in the > @@ -41,7 +42,6 @@ config KEYS_REQUEST_CACHE > > config PERSISTENT_KEYRINGS > bool "Enable register of persistent per-UID keyrings" > - depends on KEYS > help > This option provides a register of persistent per-UID keyrings, > primarily aimed at Kerberos key storage. The keyrings are persistent > @@ -58,7 +58,6 @@ config PERSISTENT_KEYRINGS > > config BIG_KEYS > bool "Large payload keys" > - depends on KEYS > depends on TMPFS > select CRYPTO_LIB_CHACHA20POLY1305 > help > @@ -70,7 +69,6 @@ config BIG_KEYS > > config TRUSTED_KEYS > tristate "TRUSTED KEYS" > - depends on KEYS > help > This option provides support for creating, sealing, and unsealing > keys in the kernel. Trusted keys are random number symmetric keys, > @@ -85,7 +83,6 @@ endif > > config ENCRYPTED_KEYS > tristate "ENCRYPTED KEYS" > - depends on KEYS > select CRYPTO > select CRYPTO_HMAC > select CRYPTO_AES > @@ -114,7 +111,6 @@ config USER_DECRYPTED_DATA > > config KEY_DH_OPERATIONS > bool "Diffie-Hellman operations on retained keys" > - depends on KEYS > select CRYPTO > select CRYPTO_KDF800108_CTR > select CRYPTO_DH > @@ -127,9 +123,11 @@ config KEY_DH_OPERATIONS > > config KEY_NOTIFICATIONS > bool "Provide key/keyring change notifications" > - depends on KEYS && WATCH_QUEUE > + depends on WATCH_QUEUE > help > This option provides support for getting change notifications > on keys and keyrings on which the caller has View permission. > This makes use of pipes to handle the notification buffer and > provides KEYCTL_WATCH_KEY to enable/disable watches. > + > +endif # KEYS I wote for this at least. Definitely an improvement: Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org> BR, Jarkko
Powered by blists - more mailing lists