From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: [PATCH] VFS: add config options to enable link restrictions
Date: Fri, 26 Oct 2012 20:08:16 +0100
Message-ID: <20121026190816.GS2616@ZenIV.linux.org.uk>
References: <20121026185021.GA1960@www.outflux.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
To: Kees Cook <keescook@chromium.org>
Return-path: <linux-kernel-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <20121026185021.GA1960@www.outflux.net>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Fri, Oct 26, 2012 at 11:50:21AM -0700, Kees Cook wrote:

> +config PROTECTED_SYMLINKS_SYSCTL
> +	int
> +	default "1" if PROTECTED_SYMLINKS
> +	default "0"

If anything, use IS_ENABLED instead...

> -int sysctl_protected_symlinks __read_mostly = 0;
> -int sysctl_protected_hardlinks __read_mostly = 0;
> +int sysctl_protected_symlinks __read_mostly =
> +	CONFIG_PROTECTED_SYMLINKS_SYSCTL;
> +int sysctl_protected_hardlinks __read_mostly =
> +	CONFIG_PROTECTED_HARDLINKS_SYSCTL;