Hi,
This patch series gives the opportunity to users, when running make
oldconfig, to update configuration strings (e.g. CONFIG_LSM) according
to dependency changes. This helps users keep a consistent up-to-date
kernel configuration.
This patch series can be applied on v5.11 .
Regards,
Mickaël Salaün (3):
kconfig: Remove duplicate call to sym_get_string_value()
kconfig: Ask user if string needs to be changed when dependency
changed
security: Add LSMs dependencies to CONFIG_LSM
scripts/kconfig/conf.c | 37 ++++++++++++++++++++++++++++++++++---
security/Kconfig | 4 ++++
2 files changed, 38 insertions(+), 3 deletions(-)
base-commit: f40ddce88593482919761f74910f42f4b84c004b
--
2.30.0
From: Mickaël Salaün <[email protected]>
Thanks to the previous commit, this gives the opportunity to users, when
running make oldconfig, to update the list of enabled LSMs at boot time
if an LSM has just been enabled or disabled in the build. Moreover,
this list only makes sense if at least one LSM is enabled.
Cc: Casey Schaufler <[email protected]>
Cc: James Morris <[email protected]>
Cc: Masahiro Yamada <[email protected]>
Cc: Serge E. Hallyn <[email protected]>
Signed-off-by: Mickaël Salaün <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
---
security/Kconfig | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/security/Kconfig b/security/Kconfig
index 7561f6f99f1d..2bc9ff351176 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -277,6 +277,10 @@ endchoice
config LSM
string "Ordered list of enabled LSMs"
+ depends on SECURITY_LOCKDOWN_LSM || SECURITY_YAMA || SECURITY_LOADPIN || \
+ SECURITY_SAFESETID || INTEGRITY || SECURITY_SELINUX || \
+ SECURITY_SMACK || SECURITY_TOMOYO || SECURITY_APPARMOR || \
+ BPF_LSM
default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
--
2.30.0
Hi "Micka?l,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on f40ddce88593482919761f74910f42f4b84c004b]
url: https://github.com/0day-ci/linux/commits/Micka-l-Sala-n/Kconfig-oldconfig-string-update/20210215-203522
base: f40ddce88593482919761f74910f42f4b84c004b
config: x86_64-randconfig-a005-20210215 (attached as .config)
compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project c9439ca36342fb6013187d0a69aef92736951476)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install x86_64 cross compiling tool for clang build
# apt-get install binutils-x86-64-linux-gnu
# https://github.com/0day-ci/linux/commit/57f88038e4ac44e3de063cd5914d91cbb3eecf8f
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Micka-l-Sala-n/Kconfig-oldconfig-string-update/20210215-203522
git checkout 57f88038e4ac44e3de063cd5914d91cbb3eecf8f
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>
All errors (new ones prefixed by >>):
>> security/security.c:85:59: error: use of undeclared identifier 'CONFIG_LSM'
static __initconst const char * const builtin_lsm_order = CONFIG_LSM;
^
1 error generated.
vim +/CONFIG_LSM +85 security/security.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 84
13e735c0e95324 Kees Cook 2018-10-09 @85 static __initconst const char * const builtin_lsm_order = CONFIG_LSM;
13e735c0e95324 Kees Cook 2018-10-09 86
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]