aboutsummaryrefslogtreecommitdiffstats
path: root/init
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-01-17 19:06:51 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2012-01-17 19:41:31 -0500
commitf429ee3b808118591d1f3cdf3c0d0793911a5677 (patch)
tree96d848f5f677d96758ecd2aee5eb6931b75bf218 /init
parent22b4eb5e3174efb49791c62823d0cccc35394c36 (diff)
parentc158a35c8a681cf68d36f22f058f9f5466386c71 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit: (29 commits) audit: no leading space in audit_log_d_path prefix audit: treat s_id as an untrusted string audit: fix signedness bug in audit_log_execve_info() audit: comparison on interprocess fields audit: implement all object interfield comparisons audit: allow interfield comparison between gid and ogid audit: complex interfield comparison helper audit: allow interfield comparison in audit rules Kernel: Audit Support For The ARM Platform audit: do not call audit_getname on error audit: only allow tasks to set their loginuid if it is -1 audit: remove task argument to audit_set_loginuid audit: allow audit matching on inode gid audit: allow matching on obj_uid audit: remove audit_finish_fork as it can't be called audit: reject entry,always rules audit: inline audit_free to simplify the look of generic code audit: drop audit_set_macxattr as it doesn't do anything audit: inline checks for not needing to collect aux records audit: drop some potentially inadvisable likely notations ... Use evil merge to fix up grammar mistakes in Kconfig file. Bad speling and horrible grammar (and copious swearing) is to be expected, but let's keep it to commit messages and comments, rather than expose it to users in config help texts or printouts.
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig16
1 files changed, 15 insertions, 1 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 6ac2236244c3..3f42cd66f0f8 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -355,7 +355,7 @@ config AUDIT
355 355
356config AUDITSYSCALL 356config AUDITSYSCALL
357 bool "Enable system-call auditing support" 357 bool "Enable system-call auditing support"
358 depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH) 358 depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || ARM)
359 default y if SECURITY_SELINUX 359 default y if SECURITY_SELINUX
360 help 360 help
361 Enable low-overhead system-call auditing infrastructure that 361 Enable low-overhead system-call auditing infrastructure that
@@ -372,6 +372,20 @@ config AUDIT_TREE
372 depends on AUDITSYSCALL 372 depends on AUDITSYSCALL
373 select FSNOTIFY 373 select FSNOTIFY
374 374
375config AUDIT_LOGINUID_IMMUTABLE
376 bool "Make audit loginuid immutable"
377 depends on AUDIT
378 help
379 The config option toggles if a task setting its loginuid requires
380 CAP_SYS_AUDITCONTROL or if that task should require no special permissions
381 but should instead only allow setting its loginuid if it was never
382 previously set. On systems which use systemd or a similar central
383 process to restart login services this should be set to true. On older
384 systems in which an admin would typically have to directly stop and
385 start processes this should be set to false. Setting this to true allows
386 one to drop potentially dangerous capabilites from the login tasks,
387 but may not be backwards compatible with older init systems.
388
375source "kernel/irq/Kconfig" 389source "kernel/irq/Kconfig"
376 390
377menu "RCU Subsystem" 391menu "RCU Subsystem"