diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-11-21 22:18:14 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-11-21 22:18:14 -0500 |
| commit | 3eaded86ac3e7f00fb3eeb8162d89e9a34e42fb0 (patch) | |
| tree | 4c48b9f1739dcb034186956bf39908803b524154 /init | |
| parent | 527d1511310a89650000081869260394e20c7013 (diff) | |
| parent | 9175c9d2aed528800175ef81c90569d00d23f9be (diff) | |
Merge git://git.infradead.org/users/eparis/audit
Pull audit updates from Eric Paris:
"Nothing amazing. Formatting, small bug fixes, couple of fixes where
we didn't get records due to some old VFS changes, and a change to how
we collect execve info..."
Fixed conflict in fs/exec.c as per Eric and linux-next.
* git://git.infradead.org/users/eparis/audit: (28 commits)
audit: fix type of sessionid in audit_set_loginuid()
audit: call audit_bprm() only once to add AUDIT_EXECVE information
audit: move audit_aux_data_execve contents into audit_context union
audit: remove unused envc member of audit_aux_data_execve
audit: Kill the unused struct audit_aux_data_capset
audit: do not reject all AUDIT_INODE filter types
audit: suppress stock memalloc failure warnings since already managed
audit: log the audit_names record type
audit: add child record before the create to handle case where create fails
audit: use given values in tty_audit enable api
audit: use nlmsg_len() to get message payload length
audit: use memset instead of trying to initialize field by field
audit: fix info leak in AUDIT_GET requests
audit: update AUDIT_INODE filter rule to comparator function
audit: audit feature to set loginuid immutable
audit: audit feature to only allow unsetting the loginuid
audit: allow unsetting the loginuid (with priv)
audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE
audit: loginuid functions coding style
selinux: apply selinux checks on new audit message types
...
Diffstat (limited to 'init')
| -rw-r--r-- | init/Kconfig | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/init/Kconfig b/init/Kconfig index 3fc8a2f2fac4..296dfcaf613f 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -301,20 +301,6 @@ config AUDIT_TREE | |||
| 301 | depends on AUDITSYSCALL | 301 | depends on AUDITSYSCALL |
| 302 | select FSNOTIFY | 302 | select FSNOTIFY |
| 303 | 303 | ||
| 304 | config AUDIT_LOGINUID_IMMUTABLE | ||
| 305 | bool "Make audit loginuid immutable" | ||
| 306 | depends on AUDIT | ||
| 307 | help | ||
| 308 | The config option toggles if a task setting its loginuid requires | ||
| 309 | CAP_SYS_AUDITCONTROL or if that task should require no special permissions | ||
| 310 | but should instead only allow setting its loginuid if it was never | ||
| 311 | previously set. On systems which use systemd or a similar central | ||
| 312 | process to restart login services this should be set to true. On older | ||
| 313 | systems in which an admin would typically have to directly stop and | ||
| 314 | start processes this should be set to false. Setting this to true allows | ||
| 315 | one to drop potentially dangerous capabilites from the login tasks, | ||
| 316 | but may not be backwards compatible with older init systems. | ||
| 317 | |||
| 318 | source "kernel/irq/Kconfig" | 304 | source "kernel/irq/Kconfig" |
| 319 | source "kernel/time/Kconfig" | 305 | source "kernel/time/Kconfig" |
| 320 | 306 | ||