Re: "Default Linux Capabilities" default in 2.6.24

Tue, 29 Jan 2008 05:11:05 -0800 

Quoting James Morris ([EMAIL PROTECTED]):
> On Mon, 28 Jan 2008, Matt LaPlante wrote:
> 
> > On Thu, 24 Jan 2008 19:12:01 -0600
> > Matt LaPlante <[EMAIL PROTECTED]> wrote:
> > 
> > > 
> > > I'm doing a make oldconfig with the new 2.6.24 kernel.  I came to the 
> > > prompt for "Default Linux Capabilities" which defaults to No:
> > > 
> > > ---
> > >  Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ?
> > > ---
> > > 
> > > However the help text recommends saying Yes.
> > > 
> > > ---
> > >  This enables the "default" Linux capabilities functionality.
> > >  If you are unsure how to answer this question, answer Y.
> > > ---
> > > 
> > > Does this seem incongruous?  Also, what's the "question"? :)
> > > 
> > > Thanks, 
> > > Matt LaPlante
> > 
> > Anyone?
> 
> I think this should be default y.

True, it was made the default when CONFIG_SECURITY=n a few years ago,
and switching it off when toggling CONFIG_SECURITY is probably unsafe
for unsuspecting users/testers.

Thanks Matt.

-serge

>From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001
From: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)>
Date: Tue, 29 Jan 2008 05:04:43 -0800
Subject: [PATCH 1/1] security: compile capabilities by default

Capabilities have long been the default when CONFIG_SECURITY=n,
and its help text suggests turning it on when CONFIG_SECURITY=y.
But it is set to default n.

Default it to y instead.

Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]>
---
 security/Kconfig |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/security/Kconfig b/security/Kconfig
index 8086e61..389e151 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM
 config SECURITY_CAPABILITIES
        bool "Default Linux Capabilities"
        depends on SECURITY
+       default y
        help
          This enables the "default" Linux capabilities functionality.
          If you are unsure how to answer this question, answer Y.
-- 
1.5.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to