All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y
@ 2019-12-10 16:55 Stephen Smalley
  2019-12-10 19:15 ` Paul Moore
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2019-12-10 16:55 UTC (permalink / raw)
  To: paul
  Cc: selinux, linux-security-module, linux-next, jamorris, Stephen Smalley

The lsm_audit code is only required when CONFIG_SECURITY is enabled.
It does not have a build dependency on CONFIG_AUDIT since audit.h
provides trivial static inlines for audit_log*() when CONFIG_AUDIT
is disabled.  Hence, the Makefile should only add lsm_audit to the
obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT.

Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown")
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 security/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/Makefile b/security/Makefile
index be1dd9d2cb2f..746438499029 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY)			+= security.o
 obj-$(CONFIG_SECURITYFS)		+= inode.o
 obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/
 obj-$(CONFIG_SECURITY_SMACK)		+= smack/
-obj-$(CONFIG_AUDIT)			+= lsm_audit.o
+obj-$(CONFIG_SECURITY)			+= lsm_audit.o
 obj-$(CONFIG_SECURITY_TOMOYO)		+= tomoyo/
 obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/
 obj-$(CONFIG_SECURITY_YAMA)		+= yama/
-- 
2.23.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y
  2019-12-10 16:55 [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y Stephen Smalley
@ 2019-12-10 19:15 ` Paul Moore
  2019-12-12 22:04   ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: Paul Moore @ 2019-12-10 19:15 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: selinux, linux-security-module, linux-next, jamorris

On Tue, Dec 10, 2019 at 11:55 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> The lsm_audit code is only required when CONFIG_SECURITY is enabled.
> It does not have a build dependency on CONFIG_AUDIT since audit.h
> provides trivial static inlines for audit_log*() when CONFIG_AUDIT
> is disabled.  Hence, the Makefile should only add lsm_audit to the
> obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT.
>
> Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown")
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
> ---
>  security/Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Merged into selinux/next in order to fix the linux-next build
breakage.  James, if you would prefer a different fix, let us know.

> diff --git a/security/Makefile b/security/Makefile
> index be1dd9d2cb2f..746438499029 100644
> --- a/security/Makefile
> +++ b/security/Makefile
> @@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY)                        += security.o
>  obj-$(CONFIG_SECURITYFS)               += inode.o
>  obj-$(CONFIG_SECURITY_SELINUX)         += selinux/
>  obj-$(CONFIG_SECURITY_SMACK)           += smack/
> -obj-$(CONFIG_AUDIT)                    += lsm_audit.o
> +obj-$(CONFIG_SECURITY)                 += lsm_audit.o
>  obj-$(CONFIG_SECURITY_TOMOYO)          += tomoyo/
>  obj-$(CONFIG_SECURITY_APPARMOR)                += apparmor/
>  obj-$(CONFIG_SECURITY_YAMA)            += yama/
> --
> 2.23.0

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y
  2019-12-10 19:15 ` Paul Moore
@ 2019-12-12 22:04   ` James Morris
  0 siblings, 0 replies; 3+ messages in thread
From: James Morris @ 2019-12-12 22:04 UTC (permalink / raw)
  To: Paul Moore
  Cc: Stephen Smalley, selinux, linux-security-module, linux-next, jamorris

On Tue, 10 Dec 2019, Paul Moore wrote:

> On Tue, Dec 10, 2019 at 11:55 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > The lsm_audit code is only required when CONFIG_SECURITY is enabled.
> > It does not have a build dependency on CONFIG_AUDIT since audit.h
> > provides trivial static inlines for audit_log*() when CONFIG_AUDIT
> > is disabled.  Hence, the Makefile should only add lsm_audit to the
> > obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT.
> >
> > Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown")
> > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
> > ---
> >  security/Makefile | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Merged into selinux/next in order to fix the linux-next build
> breakage.  James, if you would prefer a different fix, let us know.

LGTM

> 
> > diff --git a/security/Makefile b/security/Makefile
> > index be1dd9d2cb2f..746438499029 100644
> > --- a/security/Makefile
> > +++ b/security/Makefile
> > @@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY)                        += security.o
> >  obj-$(CONFIG_SECURITYFS)               += inode.o
> >  obj-$(CONFIG_SECURITY_SELINUX)         += selinux/
> >  obj-$(CONFIG_SECURITY_SMACK)           += smack/
> > -obj-$(CONFIG_AUDIT)                    += lsm_audit.o
> > +obj-$(CONFIG_SECURITY)                 += lsm_audit.o
> >  obj-$(CONFIG_SECURITY_TOMOYO)          += tomoyo/
> >  obj-$(CONFIG_SECURITY_APPARMOR)                += apparmor/
> >  obj-$(CONFIG_SECURITY_YAMA)            += yama/
> > --
> > 2.23.0
> 
> -- 
> paul moore
> www.paul-moore.com
> 


-- 
James Morris
<jamorris@linuxonhyperv.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-12-12 22:04 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-10 16:55 [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y Stephen Smalley
2019-12-10 19:15 ` Paul Moore
2019-12-12 22:04   ` James Morris

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.