[RFC PATCH] lsm: make SECURITY_PATH always enabled
Paul Moore
paul at paul-moore.com
Mon Aug 26 23:06:11 UTC 2024
On Sun, Aug 25, 2024 at 8:50 AM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
>
> Only TOMOYO needed CONFIG_SECURITY_PATH when it was introduced. But now,
> AppArmor, EVM, IMA and LandLock also need it. And kernels are likely built
> with at least one of these enabled if CONFIG_SECURITY is enabled. Let's
> simplify the dependency.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> ---
> arch/mips/configs/loongson2k_defconfig | 1 -
> arch/mips/configs/loongson3_defconfig | 1 -
> include/linux/lsm_hook_defs.h | 2 -
> include/linux/security.h | 70 --------------------------
> kernel/bpf/bpf_lsm.c | 2 -
> kernel/trace/bpf_trace.c | 2 -
> security/Kconfig | 9 ----
> security/apparmor/Kconfig | 1 -
> security/integrity/evm/Kconfig | 1 -
> security/integrity/ima/Kconfig | 1 -
> security/landlock/Kconfig | 1 -
> security/security.c | 2 -
> security/tomoyo/Kconfig | 1 -
> 13 files changed, 94 deletions(-)
If a Kconfig option is only needed by a subset of LSMs, which is the
case for CONFIG_SECURITY_PATH, it should remain a build-time option.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list