| Message ID | 20191210165541.85245-1-sds@tycho.nsa.gov (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | security: only build lsm_audit if CONFIG_SECURITY=y | expand |
On Tue, Dec 10, 2019 at 11:55 AM Stephen Smalley <sds@tycho.nsa.gov> wrote: > The lsm_audit code is only required when CONFIG_SECURITY is enabled. > It does not have a build dependency on CONFIG_AUDIT since audit.h > provides trivial static inlines for audit_log*() when CONFIG_AUDIT > is disabled. Hence, the Makefile should only add lsm_audit to the > obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT. > > Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > --- > security/Makefile | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Merged into selinux/next in order to fix the linux-next build breakage. James, if you would prefer a different fix, let us know. > diff --git a/security/Makefile b/security/Makefile > index be1dd9d2cb2f..746438499029 100644 > --- a/security/Makefile > +++ b/security/Makefile > @@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY) += security.o > obj-$(CONFIG_SECURITYFS) += inode.o > obj-$(CONFIG_SECURITY_SELINUX) += selinux/ > obj-$(CONFIG_SECURITY_SMACK) += smack/ > -obj-$(CONFIG_AUDIT) += lsm_audit.o > +obj-$(CONFIG_SECURITY) += lsm_audit.o > obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/ > obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/ > obj-$(CONFIG_SECURITY_YAMA) += yama/ > -- > 2.23.0
On Tue, 10 Dec 2019, Paul Moore wrote: > On Tue, Dec 10, 2019 at 11:55 AM Stephen Smalley <sds@tycho.nsa.gov> wrote: > > The lsm_audit code is only required when CONFIG_SECURITY is enabled. > > It does not have a build dependency on CONFIG_AUDIT since audit.h > > provides trivial static inlines for audit_log*() when CONFIG_AUDIT > > is disabled. Hence, the Makefile should only add lsm_audit to the > > obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT. > > > > Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") > > Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> > > --- > > security/Makefile | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > Merged into selinux/next in order to fix the linux-next build > breakage. James, if you would prefer a different fix, let us know. LGTM > > > diff --git a/security/Makefile b/security/Makefile > > index be1dd9d2cb2f..746438499029 100644 > > --- a/security/Makefile > > +++ b/security/Makefile > > @@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY) += security.o > > obj-$(CONFIG_SECURITYFS) += inode.o > > obj-$(CONFIG_SECURITY_SELINUX) += selinux/ > > obj-$(CONFIG_SECURITY_SMACK) += smack/ > > -obj-$(CONFIG_AUDIT) += lsm_audit.o > > +obj-$(CONFIG_SECURITY) += lsm_audit.o > > obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/ > > obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/ > > obj-$(CONFIG_SECURITY_YAMA) += yama/ > > -- > > 2.23.0 > > -- > paul moore > www.paul-moore.com >
diff --git a/security/Makefile b/security/Makefile index be1dd9d2cb2f..746438499029 100644 --- a/security/Makefile +++ b/security/Makefile @@ -22,7 +22,7 @@ obj-$(CONFIG_SECURITY) += security.o obj-$(CONFIG_SECURITYFS) += inode.o obj-$(CONFIG_SECURITY_SELINUX) += selinux/ obj-$(CONFIG_SECURITY_SMACK) += smack/ -obj-$(CONFIG_AUDIT) += lsm_audit.o +obj-$(CONFIG_SECURITY) += lsm_audit.o obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/ obj-$(CONFIG_SECURITY_YAMA) += yama/
The lsm_audit code is only required when CONFIG_SECURITY is enabled. It does not have a build dependency on CONFIG_AUDIT since audit.h provides trivial static inlines for audit_log*() when CONFIG_AUDIT is disabled. Hence, the Makefile should only add lsm_audit to the obj lists based on CONFIG_SECURITY, not CONFIG_AUDIT. Fixes: 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> --- security/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)