mirror of https://gitee.com/openkylin/linux.git
[PATCH] selinux: require AUDIT
Make SELinux depend on AUDIT as it requires the basic audit support to log permission denials at all. Note that AUDITSYSCALL remains optional for SELinux, although it can be useful in providing further information upon denials. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
46cd2f32ba
commit
99f6d61bda
|
@ -169,7 +169,6 @@ config SYSCTL
|
|||
config AUDIT
|
||||
bool "Auditing support"
|
||||
depends on NET
|
||||
default y if SECURITY_SELINUX
|
||||
help
|
||||
Enable auditing infrastructure that can be used with another
|
||||
kernel subsystem, such as SELinux (which requires this for
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
config SECURITY_SELINUX
|
||||
bool "NSA SELinux Support"
|
||||
depends on SECURITY_NETWORK && NET && INET
|
||||
depends on SECURITY_NETWORK && AUDIT && NET && INET
|
||||
default n
|
||||
help
|
||||
This selects NSA Security-Enhanced Linux (SELinux).
|
||||
|
|
|
@ -43,13 +43,11 @@ static const struct av_perm_to_string
|
|||
#undef S_
|
||||
};
|
||||
|
||||
#ifdef CONFIG_AUDIT
|
||||
static const char *class_to_string[] = {
|
||||
#define S_(s) s,
|
||||
#include "class_to_string.h"
|
||||
#undef S_
|
||||
};
|
||||
#endif
|
||||
|
||||
#define TB_(s) static const char * s [] = {
|
||||
#define TE_(s) };
|
||||
|
|
Loading…
Reference in New Issue