Quoting James Morris ([EMAIL PROTECTED]): > On Mon, 28 Jan 2008, Matt LaPlante wrote: > > > On Thu, 24 Jan 2008 19:12:01 -0600 > > Matt LaPlante <[EMAIL PROTECTED]> wrote: > > > > > > > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the > > > prompt for "Default Linux Capabilities" which defaults to No: > > > > > > --- > > > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? > > > --- > > > > > > However the help text recommends saying Yes. > > > > > > --- > > > This enables the "default" Linux capabilities functionality. > > > If you are unsure how to answer this question, answer Y. > > > --- > > > > > > Does this seem incongruous? Also, what's the "question"? :) > > > > > > Thanks, > > > Matt LaPlante > > > > Anyone? > > I think this should be default y.
True, it was made the default when CONFIG_SECURITY=n a few years ago, and switching it off when toggling CONFIG_SECURITY is probably unsafe for unsuspecting users/testers. Thanks Matt. -serge >From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001 From: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)> Date: Tue, 29 Jan 2008 05:04:43 -0800 Subject: [PATCH 1/1] security: compile capabilities by default Capabilities have long been the default when CONFIG_SECURITY=n, and its help text suggests turning it on when CONFIG_SECURITY=y. But it is set to default n. Default it to y instead. Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]> --- security/Kconfig | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/security/Kconfig b/security/Kconfig index 8086e61..389e151 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM config SECURITY_CAPABILITIES bool "Default Linux Capabilities" depends on SECURITY + default y help This enables the "default" Linux capabilities functionality. If you are unsure how to answer this question, answer Y. -- 1.5.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/