Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 99f6d61b authored Feb 07, 2006 by Stephen Smalley Committed by Linus Torvalds Feb 07, 2006

[PATCH] selinux: require AUDIT



Make SELinux depend on AUDIT as it requires the basic audit support to log
permission denials at all.  Note that AUDITSYSCALL remains optional for
SELinux, although it can be useful in providing further information upon
denials.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

parent 46cd2f32

init/Kconfig

+0 −1

Original line number	Diff line number	Diff line
		@@ -169,7 +169,6 @@ config SYSCTL
		config AUDIT
		bool "Auditing support"
		depends on NET
		default y if SECURITY_SELINUX
		help
		Enable auditing infrastructure that can be used with another
		kernel subsystem, such as SELinux (which requires this for

security/selinux/Kconfig

+1 −1

Original line number	Diff line number	Diff line
		config SECURITY_SELINUX
		bool "NSA SELinux Support"
		depends on SECURITY_NETWORK && NET && INET
		depends on SECURITY_NETWORK && AUDIT && NET && INET
		default n
		help
		This selects NSA Security-Enhanced Linux (SELinux).

security/selinux/avc.c

+0 −2

Original line number	Diff line number	Diff line
		@@ -43,13 +43,11 @@ static const struct av_perm_to_string
		#undef S_
		};

		#ifdef CONFIG_AUDIT
		static const char *class_to_string[] = {
		#define S_(s) s,
		#include "class_to_string.h"
		#undef S_
		};
		#endif

		#define TB_(s) static const char * s [] = {
		#define TE_(s) };