diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-11 11:55:49 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-11 11:55:49 -0400 |
| commit | f6f79190866d5b2d06a2114d673f91f54e7c7ce4 (patch) | |
| tree | 025bc2ff00351c71a719cb5bc2aa3f59133400f6 /lib/Kconfig.debug | |
| parent | 0d03d59d9b31cd1e33b7e46a80b6fef66244b1f2 (diff) | |
| parent | a3c8b97396ef42edfb845788ba6f53b2a93ce980 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (57 commits)
binfmt_elf: fix PT_INTERP bss handling
TPM: Fixup boot probe timeout for tpm_tis driver
sysfs: Add labeling support for sysfs
LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information.
VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx.
KEYS: Add missing linux/tracehook.h #inclusions
KEYS: Fix default security_session_to_parent()
Security/SELinux: includecheck fix kernel/sysctl.c
KEYS: security_cred_alloc_blank() should return int under all circumstances
IMA: open new file for read
KEYS: Add a keyctl to install a process's session keyring on its parent [try #6]
KEYS: Extend TIF_NOTIFY_RESUME to (almost) all architectures [try #6]
KEYS: Do some whitespace cleanups [try #6]
KEYS: Make /proc/keys use keyid not numread as file position [try #6]
KEYS: Add garbage collection for dead, revoked and expired keys. [try #6]
KEYS: Flag dead keys to induce EKEYREVOKED [try #6]
KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6]
KEYS: Deal with dead-type keys appropriately [try #6]
CRED: Add some configurable debugging [try #6]
selinux: Support for the new TUN LSM hooks
...
Diffstat (limited to 'lib/Kconfig.debug')
| -rw-r--r-- | lib/Kconfig.debug | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 12327b2bb785..fbb87cf138c5 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug | |||
| @@ -653,6 +653,21 @@ config DEBUG_NOTIFIERS | |||
| 653 | This is a relatively cheap check but if you care about maximum | 653 | This is a relatively cheap check but if you care about maximum |
| 654 | performance, say N. | 654 | performance, say N. |
| 655 | 655 | ||
| 656 | config DEBUG_CREDENTIALS | ||
| 657 | bool "Debug credential management" | ||
| 658 | depends on DEBUG_KERNEL | ||
| 659 | help | ||
| 660 | Enable this to turn on some debug checking for credential | ||
| 661 | management. The additional code keeps track of the number of | ||
| 662 | pointers from task_structs to any given cred struct, and checks to | ||
| 663 | see that this number never exceeds the usage count of the cred | ||
| 664 | struct. | ||
| 665 | |||
| 666 | Furthermore, if SELinux is enabled, this also checks that the | ||
| 667 | security pointer in the cred struct is never seen to be invalid. | ||
| 668 | |||
| 669 | If unsure, say N. | ||
| 670 | |||
| 656 | # | 671 | # |
| 657 | # Select this config option from the architecture Kconfig, if it | 672 | # Select this config option from the architecture Kconfig, if it |
| 658 | # it is preferred to always offer frame pointers as a config | 673 | # it is preferred to always offer frame pointers as a config |