On Tue, 29 Jan 2008 07:08:25 -0600 "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> Quoting James Morris ([EMAIL PROTECTED]): > > On Mon, 28 Jan 2008, Matt LaPlante wrote: > > > > > On Thu, 24 Jan 2008 19:12:01 -0600 > > > Matt LaPlante <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the > > > > prompt for "Default Linux Capabilities" which defaults to No: > > > > > > > > --- > > > > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? > > > > --- > > > > > > > > However the help text recommends saying Yes. > > > > > > > > --- > > > > This enables the "default" Linux capabilities functionality. > > > > If you are unsure how to answer this question, answer Y. > > > > --- > > > > > > > > Does this seem incongruous? Also, what's the "question"? :) > > > > > > > > Thanks, > > > > Matt LaPlante > > > > > > Anyone? > > > > I think this should be default y. > > True, it was made the default when CONFIG_SECURITY=n a few years ago, > and switching it off when toggling CONFIG_SECURITY is probably unsafe > for unsuspecting users/testers. > > Thanks Matt. > > -serge > > From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001 > From: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)> > Date: Tue, 29 Jan 2008 05:04:43 -0800 > Subject: [PATCH 1/1] security: compile capabilities by default > > Capabilities have long been the default when CONFIG_SECURITY=n, > and its help text suggests turning it on when CONFIG_SECURITY=y. > But it is set to default n. > > Default it to y instead. > > Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]> > --- > security/Kconfig | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/security/Kconfig b/security/Kconfig > index 8086e61..389e151 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM > config SECURITY_CAPABILITIES > bool "Default Linux Capabilities" > depends on SECURITY > + default y > help > This enables the "default" Linux capabilities functionality. > If you are unsure how to answer this question, answer Y. > -- > 1.5.1 > Acked-by: Matt LaPlante <[EMAIL PROTECTED]> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/