From: Stephen Smalley Date: Tue, 7 Feb 2006 20:58:51 +0000 (-0800) Subject: [PATCH] selinux: require AUDIT X-Git-Tag: v2.6.16-rc3~114 X-Git-Url: http://www.pilppa.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=99f6d61bda82d09b2d94414d413d39f66a0b7da2;p=linux-2.6-omap-h63xx.git [PATCH] selinux: require AUDIT Make SELinux depend on AUDIT as it requires the basic audit support to log permission denials at all. Note that AUDITSYSCALL remains optional for SELinux, although it can be useful in providing further information upon denials. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/init/Kconfig b/init/Kconfig index 8b7abae87bf..38416a199de 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -169,7 +169,6 @@ config SYSCTL config AUDIT bool "Auditing support" depends on NET - default y if SECURITY_SELINUX help Enable auditing infrastructure that can be used with another kernel subsystem, such as SELinux (which requires this for diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index 502f78f13f5..f636f53ca54 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig @@ -1,6 +1,6 @@ config SECURITY_SELINUX bool "NSA SELinux Support" - depends on SECURITY_NETWORK && NET && INET + depends on SECURITY_NETWORK && AUDIT && NET && INET default n help This selects NSA Security-Enhanced Linux (SELinux). diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 53d6c7bbf56..ac5d69bb337 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -43,13 +43,11 @@ static const struct av_perm_to_string #undef S_ }; -#ifdef CONFIG_AUDIT static const char *class_to_string[] = { #define S_(s) s, #include "class_to_string.h" #undef S_ }; -#endif #define TB_(s) static const char * s [] = { #define TE_(s) };