[PATCH] selinux: require AUDIT

Make SELinux depend on AUDIT as it requires the basic audit support to log permission denials at all. Note that AUDITSYSCALL remains optional for SELinux, although it can be useful in providing further information upon denials. Signed-off-by: Stephen Smalley <[email protected]> Acked-by: James Morris <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
mrcsosa · Feb 8, 2006 · 99f6d61 · 99f6d61
1 parent 46cd2f3
commit 99f6d61
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 4 deletions.
diff --git a/init/Kconfig b/init/Kconfig
@@ -169,7 +169,6 @@ config SYSCTL
 config AUDIT
 	bool "Auditing support"
 	depends on NET
-	default y if SECURITY_SELINUX
 	help
 	  Enable auditing infrastructure that can be used with another
 	  kernel subsystem, such as SELinux (which requires this for

diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
@@ -1,6 +1,6 @@
 config SECURITY_SELINUX
 	bool "NSA SELinux Support"
-	depends on SECURITY_NETWORK && NET && INET
+	depends on SECURITY_NETWORK && AUDIT && NET && INET
 	default n
 	help
 	  This selects NSA Security-Enhanced Linux (SELinux).

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
@@ -43,13 +43,11 @@ static const struct av_perm_to_string
 #undef S_
 };
 
-#ifdef CONFIG_AUDIT
 static const char *class_to_string[] = {
 #define S_(s) s,
 #include "class_to_string.h"
 #undef S_
 };
-#endif
 
 #define TB_(s) static const char * s [] = {
 #define TE_(s) };