Patchwork Smack: Add missing depends on INET in Kconfig

login
register
mail settings
Submitter Casey Schaufler
Date Nov. 30, 2012, 5:28 p.m.
Message ID <50B8ECB3.2090801@schaufler-ca.com>
Download mbox | patch
Permalink /patch/203007/
State Not Applicable
Delegated to: David Miller
Headers show

Comments

Casey Schaufler - Nov. 30, 2012, 5:28 p.m.
Because NETLABEL depends on INET SECURITY_SMACK
has to explicitly call out the dependency.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/smack/Kconfig |    1 +
 1 file changed, 1 insertion(+)


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Randy.Dunlap - Nov. 30, 2012, 5:40 p.m.
On 11/30/2012 09:28 AM, Casey Schaufler wrote:

> Because NETLABEL depends on INET SECURITY_SMACK
> has to explicitly call out the dependency.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>


Acked-by: Randy Dunlap <rdunlap@xenotime.net>

Thanks for the quick fix.

> ---
>  security/smack/Kconfig |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/security/smack/Kconfig b/security/smack/Kconfig
> index 9fb14ef..1be1088 100644
> --- a/security/smack/Kconfig
> +++ b/security/smack/Kconfig
> @@ -1,5 +1,6 @@
>  config SECURITY_SMACK
>  	bool "Simplified Mandatory Access Control Kernel Support"
> +	depends on INET
>  	depends on NET
>  	depends on SECURITY
>  	select NETLABEL
> 
> --
David Miller - Nov. 30, 2012, 6:43 p.m.
From: Randy Dunlap <rdunlap@xenotime.net>
Date: Fri, 30 Nov 2012 09:40:09 -0800

> On 11/30/2012 09:28 AM, Casey Schaufler wrote:
> 
>> Because NETLABEL depends on INET SECURITY_SMACK
>> has to explicitly call out the dependency.
>> 
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> 
> 
> Acked-by: Randy Dunlap <rdunlap@xenotime.net>
> 
> Thanks for the quick fix.

In what tree does this Kconfig file look like this?

In my net-next tree the current dependencies are expressed as:

	depends on NETLABEL && SECURITY_NETWORK
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Paul Moore - Nov. 30, 2012, 6:43 p.m.
On Friday, November 30, 2012 09:40:09 AM Randy Dunlap wrote:
> On 11/30/2012 09:28 AM, Casey Schaufler wrote:
> > Because NETLABEL depends on INET SECURITY_SMACK
> > has to explicitly call out the dependency.
> > 
> > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> 
> Acked-by: Randy Dunlap <rdunlap@xenotime.net>
> 
> Thanks for the quick fix.

+1

Thanks Casey.

> > ---
> > 
> >  security/smack/Kconfig |    1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/security/smack/Kconfig b/security/smack/Kconfig
> > index 9fb14ef..1be1088 100644
> > --- a/security/smack/Kconfig
> > +++ b/security/smack/Kconfig
> > @@ -1,5 +1,6 @@
> > 
> >  config SECURITY_SMACK
> >  
> >  	bool "Simplified Mandatory Access Control Kernel Support"
> > 
> > +	depends on INET
> > 
> >  	depends on NET
> >  	depends on SECURITY
> >  	select NETLABEL
> > 
> > --
Casey Schaufler - Nov. 30, 2012, 6:47 p.m.
On 11/30/2012 10:43 AM, David Miller wrote:
> From: Randy Dunlap <rdunlap@xenotime.net>
> Date: Fri, 30 Nov 2012 09:40:09 -0800
>
>> On 11/30/2012 09:28 AM, Casey Schaufler wrote:
>>
>>> Because NETLABEL depends on INET SECURITY_SMACK
>>> has to explicitly call out the dependency.
>>>
>>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>>
>> Acked-by: Randy Dunlap <rdunlap@xenotime.net>
>>
>> Thanks for the quick fix.
> In what tree does this Kconfig file look like this?

James Morris' security-next

>
> In my net-next tree the current dependencies are expressed as:
>
> 	depends on NETLABEL && SECURITY_NETWORK
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Eric Paris - Nov. 30, 2012, 10:01 p.m.
Do other LSMs need this too Casey?  I remember we mentioned how select
was dangerous  :-(

On Fri, Nov 30, 2012 at 12:28 PM, Casey Schaufler
<casey@schaufler-ca.com> wrote:
> Because NETLABEL depends on INET SECURITY_SMACK
> has to explicitly call out the dependency.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  security/smack/Kconfig |    1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/security/smack/Kconfig b/security/smack/Kconfig
> index 9fb14ef..1be1088 100644
> --- a/security/smack/Kconfig
> +++ b/security/smack/Kconfig
> @@ -1,5 +1,6 @@
>  config SECURITY_SMACK
>         bool "Simplified Mandatory Access Control Kernel Support"
> +       depends on INET
>         depends on NET
>         depends on SECURITY
>         select NETLABEL
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Casey Schaufler - Nov. 30, 2012, 10:18 p.m.
On 11/30/2012 2:01 PM, Eric Paris wrote:
> Do other LSMs need this too Casey?  I remember we mentioned how select
> was dangerous  :-(

I don't see any missing dependencies, but then, I missed INET.
Yes, you mentioned that it was dangerous.

>
> On Fri, Nov 30, 2012 at 12:28 PM, Casey Schaufler
> <casey@schaufler-ca.com> wrote:
>> Because NETLABEL depends on INET SECURITY_SMACK
>> has to explicitly call out the dependency.
>>
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>> ---
>>  security/smack/Kconfig |    1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/security/smack/Kconfig b/security/smack/Kconfig
>> index 9fb14ef..1be1088 100644
>> --- a/security/smack/Kconfig
>> +++ b/security/smack/Kconfig
>> @@ -1,5 +1,6 @@
>>  config SECURITY_SMACK
>>         bool "Simplified Mandatory Access Control Kernel Support"
>> +       depends on INET
>>         depends on NET
>>         depends on SECURITY
>>         select NETLABEL
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at  http://www.tux.org/lkml/

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/security/smack/Kconfig b/security/smack/Kconfig
index 9fb14ef..1be1088 100644
--- a/security/smack/Kconfig
+++ b/security/smack/Kconfig
@@ -1,5 +1,6 @@ 
 config SECURITY_SMACK
 	bool "Simplified Mandatory Access Control Kernel Support"
+	depends on INET
 	depends on NET
 	depends on SECURITY
 	select NETLABEL