* [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y
@ 2019-12-10 16:55 Stephen Smalley
2019-12-10 19:15 ` Paul Moore
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2019-12-10 16:55 UTC (permalink / raw)
To: paul
Cc: selinux, linux-security-module, linux-next, jamorris, Stephen Smalley
The lsm_audit code is only required when CONFIG_SECURITY is enabled.
It does not have a build dependency on CONFIG_AUDIT since audit.h
provides trivial static inlines for audit_log*() when CONFIG_AUDIT
is disabled. Hence, the Makefile should only add lsm_audit to the
obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT.
Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown")
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
security/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/Makefile b/security/Makefile
index be1dd9d2cb2f..746438499029 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY) += security.o
obj-$(CONFIG_SECURITYFS) += inode.o
obj-$(CONFIG_SECURITY_SELINUX) += selinux/
obj-$(CONFIG_SECURITY_SMACK) += smack/
-obj-$(CONFIG_AUDIT) += lsm_audit.o
+obj-$(CONFIG_SECURITY) += lsm_audit.o
obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/
obj-$(CONFIG_SECURITY_YAMA) += yama/
--
2.23.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y
2019-12-10 16:55 [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y Stephen Smalley
@ 2019-12-10 19:15 ` Paul Moore
2019-12-12 22:04 ` James Morris
0 siblings, 1 reply; 3+ messages in thread
From: Paul Moore @ 2019-12-10 19:15 UTC (permalink / raw)
To: Stephen Smalley; +Cc: selinux, linux-security-module, linux-next, jamorris
On Tue, Dec 10, 2019 at 11:55 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> The lsm_audit code is only required when CONFIG_SECURITY is enabled.
> It does not have a build dependency on CONFIG_AUDIT since audit.h
> provides trivial static inlines for audit_log*() when CONFIG_AUDIT
> is disabled. Hence, the Makefile should only add lsm_audit to the
> obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT.
>
> Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown")
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
> ---
> security/Makefile | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Merged into selinux/next in order to fix the linux-next build
breakage. James, if you would prefer a different fix, let us know.
> diff --git a/security/Makefile b/security/Makefile
> index be1dd9d2cb2f..746438499029 100644
> --- a/security/Makefile
> +++ b/security/Makefile
> @@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY) += security.o
> obj-$(CONFIG_SECURITYFS) += inode.o
> obj-$(CONFIG_SECURITY_SELINUX) += selinux/
> obj-$(CONFIG_SECURITY_SMACK) += smack/
> -obj-$(CONFIG_AUDIT) += lsm_audit.o
> +obj-$(CONFIG_SECURITY) += lsm_audit.o
> obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
> obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/
> obj-$(CONFIG_SECURITY_YAMA) += yama/
> --
> 2.23.0
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y
2019-12-10 19:15 ` Paul Moore
@ 2019-12-12 22:04 ` James Morris
0 siblings, 0 replies; 3+ messages in thread
From: James Morris @ 2019-12-12 22:04 UTC (permalink / raw)
To: Paul Moore
Cc: Stephen Smalley, selinux, linux-security-module, linux-next, jamorris
On Tue, 10 Dec 2019, Paul Moore wrote:
> On Tue, Dec 10, 2019 at 11:55 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > The lsm_audit code is only required when CONFIG_SECURITY is enabled.
> > It does not have a build dependency on CONFIG_AUDIT since audit.h
> > provides trivial static inlines for audit_log*() when CONFIG_AUDIT
> > is disabled. Hence, the Makefile should only add lsm_audit to the
> > obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT.
> >
> > Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown")
> > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
> > ---
> > security/Makefile | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Merged into selinux/next in order to fix the linux-next build
> breakage. James, if you would prefer a different fix, let us know.
LGTM
>
> > diff --git a/security/Makefile b/security/Makefile
> > index be1dd9d2cb2f..746438499029 100644
> > --- a/security/Makefile
> > +++ b/security/Makefile
> > @@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY) += security.o
> > obj-$(CONFIG_SECURITYFS) += inode.o
> > obj-$(CONFIG_SECURITY_SELINUX) += selinux/
> > obj-$(CONFIG_SECURITY_SMACK) += smack/
> > -obj-$(CONFIG_AUDIT) += lsm_audit.o
> > +obj-$(CONFIG_SECURITY) += lsm_audit.o
> > obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
> > obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/
> > obj-$(CONFIG_SECURITY_YAMA) += yama/
> > --
> > 2.23.0
>
> --
> paul moore
> www.paul-moore.com
>
--
James Morris
<jamorris@linuxonhyperv.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-12-12 22:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-10 16:55 [PATCH] security: only build lsm_audit if CONFIG_SECURITY=y Stephen Smalley
2019-12-10 19:15 ` Paul Moore
2019-12-12 22:04 ` James Morris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.