Re: "Default Linux Capabilities" default in 2.6.24
On Tue, 29 Jan 2008 07:08:25 -0600 "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote: > Quoting James Morris ([EMAIL PROTECTED]): > > On Mon, 28 Jan 2008, Matt LaPlante wrote: > > > > > On Thu, 24 Jan 2008 19:12:01 -0600 > > > Matt LaPlante <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the > > > > prompt for "Default Linux Capabilities" which defaults to No: > > > > > > > > --- > > > > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? > > > > --- > > > > > > > > However the help text recommends saying Yes. > > > > > > > > --- > > > > This enables the "default" Linux capabilities functionality. > > > > If you are unsure how to answer this question, answer Y. > > > > --- > > > > > > > > Does this seem incongruous? Also, what's the "question"? :) > > > > > > > > Thanks, > > > > Matt LaPlante > > > > > > Anyone? > > > > I think this should be default y. > > True, it was made the default when CONFIG_SECURITY=n a few years ago, > and switching it off when toggling CONFIG_SECURITY is probably unsafe > for unsuspecting users/testers. > > Thanks Matt. > > -serge > > From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001 > From: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)> > Date: Tue, 29 Jan 2008 05:04:43 -0800 > Subject: [PATCH 1/1] security: compile capabilities by default > > Capabilities have long been the default when CONFIG_SECURITY=n, > and its help text suggests turning it on when CONFIG_SECURITY=y. > But it is set to default n. > > Default it to y instead. > > Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]> > --- > security/Kconfig |1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/security/Kconfig b/security/Kconfig > index 8086e61..389e151 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM > config SECURITY_CAPABILITIES > bool "Default Linux Capabilities" > depends on SECURITY > + default y > help > This enables the "default" Linux capabilities functionality. > If you are unsure how to answer this question, answer Y. > -- > 1.5.1 > Acked-by: Matt LaPlante <[EMAIL PROTECTED]> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: "Default Linux Capabilities" default in 2.6.24
Quoting James Morris ([EMAIL PROTECTED]): > On Mon, 28 Jan 2008, Matt LaPlante wrote: > > > On Thu, 24 Jan 2008 19:12:01 -0600 > > Matt LaPlante <[EMAIL PROTECTED]> wrote: > > > > > > > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the > > > prompt for "Default Linux Capabilities" which defaults to No: > > > > > > --- > > > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? > > > --- > > > > > > However the help text recommends saying Yes. > > > > > > --- > > > This enables the "default" Linux capabilities functionality. > > > If you are unsure how to answer this question, answer Y. > > > --- > > > > > > Does this seem incongruous? Also, what's the "question"? :) > > > > > > Thanks, > > > Matt LaPlante > > > > Anyone? > > I think this should be default y. True, it was made the default when CONFIG_SECURITY=n a few years ago, and switching it off when toggling CONFIG_SECURITY is probably unsafe for unsuspecting users/testers. Thanks Matt. -serge >From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001 From: [EMAIL PROTECTED] <[EMAIL PROTECTED](none)> Date: Tue, 29 Jan 2008 05:04:43 -0800 Subject: [PATCH 1/1] security: compile capabilities by default Capabilities have long been the default when CONFIG_SECURITY=n, and its help text suggests turning it on when CONFIG_SECURITY=y. But it is set to default n. Default it to y instead. Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]> --- security/Kconfig |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/security/Kconfig b/security/Kconfig index 8086e61..389e151 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM config SECURITY_CAPABILITIES bool "Default Linux Capabilities" depends on SECURITY + default y help This enables the "default" Linux capabilities functionality. If you are unsure how to answer this question, answer Y. -- 1.5.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Default Linux Capabilities default in 2.6.24
On Tue, 29 Jan 2008 07:08:25 -0600 Serge E. Hallyn [EMAIL PROTECTED] wrote: Quoting James Morris ([EMAIL PROTECTED]): On Mon, 28 Jan 2008, Matt LaPlante wrote: On Thu, 24 Jan 2008 19:12:01 -0600 Matt LaPlante [EMAIL PROTECTED] wrote: I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for Default Linux Capabilities which defaults to No: --- Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? --- However the help text recommends saying Yes. --- This enables the default Linux capabilities functionality. If you are unsure how to answer this question, answer Y. --- Does this seem incongruous? Also, what's the question? :) Thanks, Matt LaPlante Anyone? I think this should be default y. True, it was made the default when CONFIG_SECURITY=n a few years ago, and switching it off when toggling CONFIG_SECURITY is probably unsafe for unsuspecting users/testers. Thanks Matt. -serge From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001 From: [EMAIL PROTECTED] [EMAIL PROTECTED](none) Date: Tue, 29 Jan 2008 05:04:43 -0800 Subject: [PATCH 1/1] security: compile capabilities by default Capabilities have long been the default when CONFIG_SECURITY=n, and its help text suggests turning it on when CONFIG_SECURITY=y. But it is set to default n. Default it to y instead. Signed-off-by: Serge Hallyn [EMAIL PROTECTED] --- security/Kconfig |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/security/Kconfig b/security/Kconfig index 8086e61..389e151 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM config SECURITY_CAPABILITIES bool Default Linux Capabilities depends on SECURITY + default y help This enables the default Linux capabilities functionality. If you are unsure how to answer this question, answer Y. -- 1.5.1 Acked-by: Matt LaPlante [EMAIL PROTECTED] -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Default Linux Capabilities default in 2.6.24
Quoting James Morris ([EMAIL PROTECTED]): On Mon, 28 Jan 2008, Matt LaPlante wrote: On Thu, 24 Jan 2008 19:12:01 -0600 Matt LaPlante [EMAIL PROTECTED] wrote: I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for Default Linux Capabilities which defaults to No: --- Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? --- However the help text recommends saying Yes. --- This enables the default Linux capabilities functionality. If you are unsure how to answer this question, answer Y. --- Does this seem incongruous? Also, what's the question? :) Thanks, Matt LaPlante Anyone? I think this should be default y. True, it was made the default when CONFIG_SECURITY=n a few years ago, and switching it off when toggling CONFIG_SECURITY is probably unsafe for unsuspecting users/testers. Thanks Matt. -serge From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001 From: [EMAIL PROTECTED] [EMAIL PROTECTED](none) Date: Tue, 29 Jan 2008 05:04:43 -0800 Subject: [PATCH 1/1] security: compile capabilities by default Capabilities have long been the default when CONFIG_SECURITY=n, and its help text suggests turning it on when CONFIG_SECURITY=y. But it is set to default n. Default it to y instead. Signed-off-by: Serge Hallyn [EMAIL PROTECTED] --- security/Kconfig |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/security/Kconfig b/security/Kconfig index 8086e61..389e151 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM config SECURITY_CAPABILITIES bool Default Linux Capabilities depends on SECURITY + default y help This enables the default Linux capabilities functionality. If you are unsure how to answer this question, answer Y. -- 1.5.1 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: "Default Linux Capabilities" default in 2.6.24
On Mon, 28 Jan 2008, Matt LaPlante wrote: > On Thu, 24 Jan 2008 19:12:01 -0600 > Matt LaPlante <[EMAIL PROTECTED]> wrote: > > > > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the > > prompt for "Default Linux Capabilities" which defaults to No: > > > > --- > > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? > > --- > > > > However the help text recommends saying Yes. > > > > --- > > This enables the "default" Linux capabilities functionality. > > If you are unsure how to answer this question, answer Y. > > --- > > > > Does this seem incongruous? Also, what's the "question"? :) > > > > Thanks, > > Matt LaPlante > > Anyone? I think this should be default y. -- James Morris <[EMAIL PROTECTED]> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: "Default Linux Capabilities" default in 2.6.24
On Thu, 24 Jan 2008 19:12:01 -0600 Matt LaPlante <[EMAIL PROTECTED]> wrote: > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt > for "Default Linux Capabilities" which defaults to No: > > --- > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? > --- > > However the help text recommends saying Yes. > > --- > This enables the "default" Linux capabilities functionality. > If you are unsure how to answer this question, answer Y. > --- > > Does this seem incongruous? Also, what's the "question"? :) > > Thanks, > Matt LaPlante Anyone? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Default Linux Capabilities default in 2.6.24
On Thu, 24 Jan 2008 19:12:01 -0600 Matt LaPlante [EMAIL PROTECTED] wrote: I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for Default Linux Capabilities which defaults to No: --- Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? --- However the help text recommends saying Yes. --- This enables the default Linux capabilities functionality. If you are unsure how to answer this question, answer Y. --- Does this seem incongruous? Also, what's the question? :) Thanks, Matt LaPlante Anyone? -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Default Linux Capabilities default in 2.6.24
On Mon, 28 Jan 2008, Matt LaPlante wrote: On Thu, 24 Jan 2008 19:12:01 -0600 Matt LaPlante [EMAIL PROTECTED] wrote: I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for Default Linux Capabilities which defaults to No: --- Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? --- However the help text recommends saying Yes. --- This enables the default Linux capabilities functionality. If you are unsure how to answer this question, answer Y. --- Does this seem incongruous? Also, what's the question? :) Thanks, Matt LaPlante Anyone? I think this should be default y. -- James Morris [EMAIL PROTECTED] -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
