Re: [PATCH 1/6] SELinux: change Kconfig to use select instead ofdepends

From: Randy Dunlap
Date: Tue Oct 09 2007 - 19:35:27 EST

Next message: Thomas Gleixner: "Re: [stable] [patch 09/12] Fix SMP poweroff hangs"
Previous message: Linus Torvalds: "Re: [stable] [patch 09/12] Fix SMP poweroff hangs"
In reply to: James Morris: "[PATCH 1/6] SELinux: change Kconfig to use select instead of depends"
Next in thread: James Morris: "Re: [PATCH 1/6] SELinux: change Kconfig to use select instead ofdepends"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 10 Oct 2007 09:19:55 +1000 (EST) James Morris wrote:

> From: Eric Paris <eparis@xxxxxxxxxx>
>
> Changes the security/selinux/Kconfig to use select instead of depends
> for most of the SELinux requirements. This allows the SELinux option to
> show up when people do a make config without already knowing they had to
> enable audit and other non-obvious choices. Added a depends on SECURITY
> (which previously existed through SECURITY_NETWORK) so that SELinux
> would not always show up, but would be easy and intuitive to find.
>
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> Signed-off-by: James Morris <jmorris@xxxxxxx>
> ---
> security/selinux/Kconfig | 7 ++++++-
> 1 files changed, 6 insertions(+), 1 deletions(-)
>
> diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
> index b32a459..40b97e6 100644
> --- a/security/selinux/Kconfig
> +++ b/security/selinux/Kconfig
> @@ -1,6 +1,10 @@
> config SECURITY_SELINUX
> bool "NSA SELinux Support"
> - depends on SECURITY_NETWORK && AUDIT && NET && INET
> + depends on SECURITY
> + select SECURITY_NETWORK
> + select AUDIT
> + select NET
> + select INET
> select NETWORK_SECMARK
> default n
> help

I doth protest. Enabling the entire NET subsystem thru a hidden
select is awful. Select should be used (sparingly) to enable
library code only. If someone wants NET enabled, they should
enable it overtly, not covertly.

> @@ -9,6 +13,7 @@ config SECURITY_SELINUX
> You can obtain the policy compiler (checkpolicy), the utility for
> labeling filesystems (setfiles), and an example policy configuration
> from <http://www.nsa.gov/selinux/>.
> +
> If you are unsure how to answer this question, answer N.
>
> config SECURITY_SELINUX_BOOTPARAM

---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Gleixner: "Re: [stable] [patch 09/12] Fix SMP poweroff hangs"
Previous message: Linus Torvalds: "Re: [stable] [patch 09/12] Fix SMP poweroff hangs"
In reply to: James Morris: "[PATCH 1/6] SELinux: change Kconfig to use select instead of depends"
Next in thread: James Morris: "Re: [PATCH 1/6] SELinux: change Kconfig to use select instead ofdepends"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]