On Thu, Oct 23, 2014 at 11:21:22AM -0400, Tyler Hicks wrote: > The AppArmor profile hashing feature, configured by > CONFIG_SECURITY_APPARMOR_HASH, uses SHA-1 as the hashing algorithm and > selects CRYPTO_SHA1. However, by depending on CRYPTO, instead of > selecting it, the tristates CRYPTO and CRYPTO_SHA1 could both be > configured as modules. This causes a build error because LSMs must be > built-in and SECURITY_APPARMOR and SECURITY_APPARMOR_HASH are both > bools. > > Selecting CRYPTO solves the problem by enforcing that the crypto > subsystem and the SHA-1 code are built-in when > CONFIG_SECURITY_APPARMOR_HASH is selected.
Do we also need to select CRYPTO_HASH? CRYPTO_SHA1 depends upon it, too. > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> Acked-by: Seth Arnold <seth.arn...@canonical.com> Thanks > --- > security/apparmor/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig > index d49c539..232469b 100644 > --- a/security/apparmor/Kconfig > +++ b/security/apparmor/Kconfig > @@ -33,7 +33,7 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE > config SECURITY_APPARMOR_HASH > bool "SHA1 hash of loaded profiles" > depends on SECURITY_APPARMOR > - depends on CRYPTO > + select CRYPTO > select CRYPTO_SHA1 > default y > > -- > 2.1.0 > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor