linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Re: linux-next: Tree for Jan 29 (security/safesetid/)
       [not found] ` <a4e95bee-e5c5-94f5-a577-d55cdd419e86@infradead.org>
@ 2019-01-29 18:21   ` Micah Morton
  2019-01-29 18:54     ` [PATCH] LSM: SafeSetID: 'depend' on CONFIG_SECURITY mortonm
  0 siblings, 1 reply; 3+ messages in thread
From: Micah Morton @ 2019-01-29 18:21 UTC (permalink / raw)
  To: Randy Dunlap
  Cc: Stephen Rothwell, Linux Next Mailing List,
	Linux Kernel Mailing List, linux-security-module

I noticed you don't have the following lines (or some of the other
related security ones) in your .config.

CONFIG_SECURITY=y
CONFIG_SECURITY_WRITABLE_HOOKS=y

Seems like we need a 'depends on SECURITY' line (or something like
that) in security/safesetid/Kconfig -- let me see if that fixes things
and if so I'll upload a patch

On Tue, Jan 29, 2019 at 9:04 AM Randy Dunlap <rdunlap@infradead.org> wrote:
>
> On 1/28/19 10:11 PM, Stephen Rothwell wrote:
> > Hi all,
> >
> > Changes since 20190125:
> >
>
> on x86_64:
>
> ld: security/safesetid/lsm.o:(.data+0x10): undefined reference to `security_hook_heads'
> ld: security/safesetid/lsm.o:(.data+0x38): undefined reference to `security_hook_heads'
> ld: security/safesetid/lsm.o: in function `safesetid_security_init':
> lsm.c:(.init.text+0x14): undefined reference to `security_add_hooks'
>
>
> Full randconfig file is attached.
>
> --
> ~Randy

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH] LSM: SafeSetID: 'depend' on CONFIG_SECURITY
  2019-01-29 18:21   ` linux-next: Tree for Jan 29 (security/safesetid/) Micah Morton
@ 2019-01-29 18:54     ` mortonm
  2019-01-29 19:52       ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: mortonm @ 2019-01-29 18:54 UTC (permalink / raw)
  To: rdunlap, sfr, linux-next, linux-kernel, linux-security-module
  Cc: Micah Morton

From: Micah Morton <mortonm@chromium.org>

This patch changes the Kconfig file for the SafeSetID LSM to depend on
CONFIG_SECURITY as well as select CONFIG_SECURITYFS, since the policies
for the LSM are configured through writing to securityfs.

Signed-off-by: Micah Morton <mortonm@chromium.org>
---
 security/safesetid/Kconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/safesetid/Kconfig b/security/safesetid/Kconfig
index bf89a47ffcc8..4f415c4e3f93 100644
--- a/security/safesetid/Kconfig
+++ b/security/safesetid/Kconfig
@@ -1,5 +1,7 @@
 config SECURITY_SAFESETID
         bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
+        depends on SECURITY
+        select SECURITYFS
         default n
         help
           SafeSetID is an LSM module that gates the setid family of syscalls to
-- 
2.20.1.495.gaa96b0ce6b-goog


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] LSM: SafeSetID: 'depend' on CONFIG_SECURITY
  2019-01-29 18:54     ` [PATCH] LSM: SafeSetID: 'depend' on CONFIG_SECURITY mortonm
@ 2019-01-29 19:52       ` James Morris
  0 siblings, 0 replies; 3+ messages in thread
From: James Morris @ 2019-01-29 19:52 UTC (permalink / raw)
  To: Micah Morton
  Cc: rdunlap, sfr, linux-next, linux-kernel, linux-security-module

On Tue, 29 Jan 2019, mortonm@chromium.org wrote:

> From: Micah Morton <mortonm@chromium.org>
> 
> This patch changes the Kconfig file for the SafeSetID LSM to depend on
> CONFIG_SECURITY as well as select CONFIG_SECURITYFS, since the policies
> for the LSM are configured through writing to securityfs.
> 
> Signed-off-by: Micah Morton <mortonm@chromium.org>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general

-- 
James Morris
<jmorris@namei.org>


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-01-29 19:52 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20190129171143.3945af24@canb.auug.org.au>
     [not found] ` <a4e95bee-e5c5-94f5-a577-d55cdd419e86@infradead.org>
2019-01-29 18:21   ` linux-next: Tree for Jan 29 (security/safesetid/) Micah Morton
2019-01-29 18:54     ` [PATCH] LSM: SafeSetID: 'depend' on CONFIG_SECURITY mortonm
2019-01-29 19:52       ` James Morris

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).