From: Dmitry Kasatkin <d.kasatkin@samsung.com>
To: zohar@linux.vnet.ibm.com, linux-ima-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, dmitry.kasatkin@gmail.com,
Dmitry Kasatkin <d.kasatkin@samsung.com>
Subject: [PATCH v2 2/3] integrity: move integrity subsystem options to a separate menu
Date: Wed, 03 Sep 2014 10:29:28 +0300 [thread overview]
Message-ID: <bce4893d9928b4c6ba9e69e8b4d858489acf6e9e.1409728926.git.d.kasatkin@samsung.com> (raw)
In-Reply-To: <cover.1409728926.git.d.kasatkin@samsung.com>
In-Reply-To: <cover.1409728926.git.d.kasatkin@samsung.com>
Integrity subsystem got lots of options and takes more than half
of security menu.
This patch moves integrity subsystem options to a separate menu.
It does not affect existing configuration. Re-configuration is
not needed.
Changes in v2:
- previous patch moved integrity out of the 'security' menu.
This version keeps integrity as a security option (Mimi).
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
---
security/integrity/Kconfig | 14 ++++++++++++--
security/integrity/evm/Kconfig | 9 +--------
security/integrity/ima/Kconfig | 3 +--
3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index f79d853..a734a83 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -1,7 +1,13 @@
#
config INTEGRITY
- def_bool y
- depends on IMA || EVM
+ bool "Integrity subsystem support"
+ depends on SECURITY
+ default y
+
+if INTEGRITY
+
+menu "Options"
+
config INTEGRITY_SIGNATURE
boolean "Digital signature verification using multiple keyrings"
@@ -46,3 +52,7 @@ config INTEGRITY_AUDIT
source security/integrity/ima/Kconfig
source security/integrity/evm/Kconfig
+
+endmenu
+
+endif # if INTEGRITY
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig
index d606f3d..df20a2f 100644
--- a/security/integrity/evm/Kconfig
+++ b/security/integrity/evm/Kconfig
@@ -1,6 +1,6 @@
config EVM
boolean "EVM support"
- depends on SECURITY
+ depends on INTEGRITY
select KEYS
select ENCRYPTED_KEYS
select CRYPTO_HMAC
@@ -12,10 +12,6 @@ config EVM
If you are unsure how to answer this question, answer N.
-if EVM
-
-menu "EVM options"
-
config EVM_ATTR_FSUUID
bool "FSUUID (version 2)"
default y
@@ -47,6 +43,3 @@ config EVM_EXTRA_SMACK_XATTRS
additional info to the calculation, requires existing EVM
labeled file systems to be relabeled.
-endmenu
-
-endif
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 08758fb..2477d1e 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -2,8 +2,7 @@
#
config IMA
bool "Integrity Measurement Architecture(IMA)"
- depends on SECURITY
- select INTEGRITY
+ depends on INTEGRITY
select SECURITYFS
select CRYPTO
select CRYPTO_HMAC
--
1.9.1
next prev parent reply other threads:[~2014-09-03 7:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-03 7:29 [PATCH v2 0/3] integrity: build scripts changes Dmitry Kasatkin
2014-09-03 7:29 ` [PATCH v2 1/3] integrity: move asymmetric keys config option Dmitry Kasatkin
2014-09-03 7:29 ` Dmitry Kasatkin [this message]
2014-09-03 12:35 ` [PATCH v2 2/3] integrity: move integrity subsystem options to a separate menu Mimi Zohar
2014-09-03 12:55 ` Dmitry Kasatkin
2014-09-03 19:47 ` Mimi Zohar
2014-09-03 13:42 ` Dmitry Kasatkin
2014-09-03 7:29 ` [PATCH v2 3/3] integrity: make all integrity components as integrity module Dmitry Kasatkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bce4893d9928b4c6ba9e69e8b4d858489acf6e9e.1409728926.git.d.kasatkin@samsung.com \
--to=d.kasatkin@samsung.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-ima-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.