[PATCH] selinux: require AUDIT

Make SELinux depend on AUDIT as it requires the basic audit support to log
permission denials at all.  Note that AUDITSYSCALL remains optional for
SELinux, although it can be useful in providing further information upon
denials.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Stephen Smalley 2006-02-07 12:58:51 -08:00 committed by Linus Torvalds
parent 46cd2f32ba
commit 99f6d61bda
3 changed files with 1 additions and 4 deletions

View File

@ -169,7 +169,6 @@ config SYSCTL
config AUDIT
bool "Auditing support"
depends on NET
default y if SECURITY_SELINUX
help
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for

View File

@ -1,6 +1,6 @@
config SECURITY_SELINUX
bool "NSA SELinux Support"
depends on SECURITY_NETWORK && NET && INET
depends on SECURITY_NETWORK && AUDIT && NET && INET
default n
help
This selects NSA Security-Enhanced Linux (SELinux).

View File

@ -43,13 +43,11 @@ static const struct av_perm_to_string
#undef S_
};
#ifdef CONFIG_AUDIT
static const char *class_to_string[] = {
#define S_(s) s,
#include "class_to_string.h"
#undef S_
};
#endif
#define TB_(s) static const char * s [] = {
#define TE_(s) };