diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-01-17 21:48:49 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-01-17 21:48:49 -0500 |
| commit | 2d663b55816e5c1d211a77fff90687053fe78aac (patch) | |
| tree | f74a6d3ce5c8b28a22b571dd5b4400f75317e9c5 /init | |
| parent | 25eedabe019851bc513abd601ed514df524cb482 (diff) | |
| parent | cb74ed278f8054fddf79ed930495b9e214f7c7b2 (diff) | |
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit
Pull audit updates from Paul Moore:
"Seven audit patches for 4.5, all very minor despite the diffstat.
The diffstat churn for linux/audit.h can be attributed to needing to
reshuffle the linux/audit.h header to fix the seccomp auditing issue
(see the commit description for details).
Besides the seccomp/audit fix, most of the fixes are around trying to
improve the connection with the audit daemon and a Kconfig
simplification. Nothing crazy, and everything passes our little
audit-testsuite"
* 'upstream' of git://git.infradead.org/users/pcmoore/audit:
audit: always enable syscall auditing when supported and audit is enabled
audit: force seccomp event logging to honor the audit_enabled flag
audit: Delete unnecessary checks before two function calls
audit: wake up threads if queue switched from limited to unlimited
audit: include auditd's threads in audit_log_start() wait exception
audit: remove audit_backlog_wait_overflow
audit: don't needlessly reset valid wait time
Diffstat (limited to 'init')
| -rw-r--r-- | init/Kconfig | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/init/Kconfig b/init/Kconfig index 4644217b2373..5b86082fa238 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -299,20 +299,15 @@ config AUDIT | |||
| 299 | help | 299 | help |
| 300 | Enable auditing infrastructure that can be used with another | 300 | Enable auditing infrastructure that can be used with another |
| 301 | kernel subsystem, such as SELinux (which requires this for | 301 | kernel subsystem, such as SELinux (which requires this for |
| 302 | logging of avc messages output). Does not do system-call | 302 | logging of avc messages output). System call auditing is included |
| 303 | auditing without CONFIG_AUDITSYSCALL. | 303 | on architectures which support it. |
| 304 | 304 | ||
| 305 | config HAVE_ARCH_AUDITSYSCALL | 305 | config HAVE_ARCH_AUDITSYSCALL |
| 306 | bool | 306 | bool |
| 307 | 307 | ||
| 308 | config AUDITSYSCALL | 308 | config AUDITSYSCALL |
| 309 | bool "Enable system-call auditing support" | 309 | def_bool y |
| 310 | depends on AUDIT && HAVE_ARCH_AUDITSYSCALL | 310 | depends on AUDIT && HAVE_ARCH_AUDITSYSCALL |
| 311 | default y if SECURITY_SELINUX | ||
| 312 | help | ||
| 313 | Enable low-overhead system-call auditing infrastructure that | ||
| 314 | can be used independently or with another kernel subsystem, | ||
| 315 | such as SELinux. | ||
| 316 | 311 | ||
| 317 | config AUDIT_WATCH | 312 | config AUDIT_WATCH |
| 318 | def_bool y | 313 | def_bool y |