On Wed, 10 Oct 2007 09:19:55 +1000 (EST) James Morris wrote: > From: Eric Paris <[EMAIL PROTECTED]> > > Changes the security/selinux/Kconfig to use select instead of depends > for most of the SELinux requirements. This allows the SELinux option to > show up when people do a make config without already knowing they had to > enable audit and other non-obvious choices. Added a depends on SECURITY > (which previously existed through SECURITY_NETWORK) so that SELinux > would not always show up, but would be easy and intuitive to find. > > Signed-off-by: Eric Paris <[EMAIL PROTECTED]> > Acked-by: Stephen Smalley <[EMAIL PROTECTED]> > Signed-off-by: James Morris <[EMAIL PROTECTED]> > --- > security/selinux/Kconfig | 7 ++++++- > 1 files changed, 6 insertions(+), 1 deletions(-) > > diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig > index b32a459..40b97e6 100644 > --- a/security/selinux/Kconfig > +++ b/security/selinux/Kconfig > @@ -1,6 +1,10 @@ > config SECURITY_SELINUX > bool "NSA SELinux Support" > - depends on SECURITY_NETWORK && AUDIT && NET && INET > + depends on SECURITY > + select SECURITY_NETWORK > + select AUDIT > + select NET > + select INET > select NETWORK_SECMARK > default n > help
I doth protest. Enabling the entire NET subsystem thru a hidden select is awful. Select should be used (sparingly) to enable library code only. If someone wants NET enabled, they should enable it overtly, not covertly. > @@ -9,6 +13,7 @@ config SECURITY_SELINUX > You can obtain the policy compiler (checkpolicy), the utility for > labeling filesystems (setfiles), and an example policy configuration > from <http://www.nsa.gov/selinux/>. > + > If you are unsure how to answer this question, answer N. > > config SECURITY_SELINUX_BOOTPARAM --- ~Randy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
