| Message ID | 20230818151220.166215-2-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [1/6] selinux: print sum of chain lengths^2 for hash tables | expand |
On Fri, Aug 18, 2023 at 11:12 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > If the SELinux debug configuration is enabled define the macro DEBUG > such that pr_debug() calls are always enabled, regardless of > CONFIG_DYNAMIC_DEBUG, since those message are the main reason for this > configuration in the first place. > > Mention example usage in case CONFIG_DYNAMIC_DEBUG is enabled in the > help section of the configuration. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
On Aug 18, 2023 Stephen Smalley <stephen.smalley.work@gmail.com> wrote: > > If the SELinux debug configuration is enabled define the macro DEBUG > such that pr_debug() calls are always enabled, regardless of > CONFIG_DYNAMIC_DEBUG, since those message are the main reason for this > configuration in the first place. > > Mention example usage in case CONFIG_DYNAMIC_DEBUG is enabled in the > help section of the configuration. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com> > --- > security/selinux/Kconfig | 10 ++++++++++ > security/selinux/Makefile | 2 ++ > 2 files changed, 12 insertions(+) Merged into selinux/next, thanks! -- paul-moore.com
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index d30348fbe0df..61abc1e094a8 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig @@ -77,3 +77,13 @@ config SECURITY_SELINUX_DEBUG This enables debugging code designed to help SELinux kernel developers, unless you know what this does in the kernel code you should leave this disabled. + + To fine control the messages to be printed enable + CONFIG_DYNAMIC_DEBUG and see + Documentation/admin-guide/dynamic-debug-howto.rst for additional + information. + + Example usage: + + echo -n 'file "security/selinux/*" +p' > \ + /proc/dynamic_debug/control diff --git a/security/selinux/Makefile b/security/selinux/Makefile index 836379639058..c47519ed8156 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile @@ -12,6 +12,8 @@ obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include +ccflags-$(CONFIG_SECURITY_SELINUX_DEBUG) += -DDEBUG + selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \ netnode.o netport.o status.o \ ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
If the SELinux debug configuration is enabled define the macro DEBUG such that pr_debug() calls are always enabled, regardless of CONFIG_DYNAMIC_DEBUG, since those message are the main reason for this configuration in the first place. Mention example usage in case CONFIG_DYNAMIC_DEBUG is enabled in the help section of the configuration. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- security/selinux/Kconfig | 10 ++++++++++ security/selinux/Makefile | 2 ++ 2 files changed, 12 insertions(+)