From: Adrian Bunk <bunk@stusta.de>
To: chrisw@sous-sol.org
Cc: jfs-discussion@lists.sourceforge.net, jmorris@namei.org,
reiserfs-devel@vger.kernel.org, xfs-masters@oss.sgi.com,
linux-security-module@vger.kernel.org, jffs-dev@axis.com,
eparis@parisplace.org, linux-ext4@vger.kernel.org,
sds@tycho.nsa.gov
Subject: [RFC: 2.6 patch] make the *FS_SECURITY options no longer user visible
Date: Sun, 29 Jul 2007 17:02:09 +0200 [thread overview]
Message-ID: <20070729150209.GS16817@stusta.de> (raw)
Please correct me if any of the following assumptions is wrong:
- SELinux is currently the only user of filesystem security labels
shipped with the Linux kernel
- if a user has SELinux enabled he wants his filesystems to support
security labels
Based on these assumption, it doesn't make sense to have the
*FS_SECURITY user visible since we can perfectly determine automatically
when turning them on makes sense.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
fs/Kconfig | 82 +++++++++++++------------------------------------
fs/xfs/Kconfig | 13 +------
2 files changed, 25 insertions(+), 70 deletions(-)
--- linux-2.6.23-rc1-mm1/fs/Kconfig.old 2007-07-28 23:12:19.000000000 +0200
+++ linux-2.6.23-rc1-mm1/fs/Kconfig 2007-07-28 23:17:33.000000000 +0200
@@ -40,16 +40,10 @@ config EXT2_FS_POSIX_ACL
If you don't know what Access Control Lists are, say N
config EXT2_FS_SECURITY
- bool "Ext2 Security Labels"
- depends on EXT2_FS_XATTR
- help
- Security labels support alternative access control models
- implemented by security modules like SELinux. This option
- enables an extended attribute handler for file security
- labels in the ext2 filesystem.
-
- If you are not using a security module that requires using
- extended attributes for file security labels, say N.
+ bool
+ depends on EXT2_FS && SECURITY_SELINUX
+ select EXT2_FS_XATTR
+ default y
config EXT2_FS_XIP
bool "Ext2 execute in place support"
@@ -125,16 +119,10 @@ config EXT3_FS_POSIX_ACL
If you don't know what Access Control Lists are, say N
config EXT3_FS_SECURITY
- bool "Ext3 Security Labels"
- depends on EXT3_FS_XATTR
- help
- Security labels support alternative access control models
- implemented by security modules like SELinux. This option
- enables an extended attribute handler for file security
- labels in the ext3 filesystem.
-
- If you are not using a security module that requires using
- extended attributes for file security labels, say N.
+ bool
+ depends on EXT3_FS && SECURITY_SELINUX
+ select EXT3_FS_XATTR
+ default y
config EXT4DEV_FS
tristate "Ext4dev/ext4 extended fs support development (EXPERIMENTAL)"
@@ -190,16 +178,10 @@ config EXT4DEV_FS_POSIX_ACL
If you don't know what Access Control Lists are, say N
config EXT4DEV_FS_SECURITY
- bool "Ext4dev Security Labels"
- depends on EXT4DEV_FS_XATTR
- help
- Security labels support alternative access control models
- implemented by security modules like SELinux. This option
- enables an extended attribute handler for file security
- labels in the ext4dev/ext4 filesystem.
-
- If you are not using a security module that requires using
- extended attributes for file security labels, say N.
+ bool
+ depends on EXT4DEV_FS && SECURITY_SELINUX
+ select EXT4DEV_FS_XATTR
+ default y
config JBD
tristate
@@ -349,16 +331,10 @@ config REISERFS_FS_POSIX_ACL
If you don't know what Access Control Lists are, say N
config REISERFS_FS_SECURITY
- bool "ReiserFS Security Labels"
- depends on REISERFS_FS_XATTR
- help
- Security labels support alternative access control models
- implemented by security modules like SELinux. This option
- enables an extended attribute handler for file security
- labels in the ReiserFS filesystem.
-
- If you are not using a security module that requires using
- extended attributes for file security labels, say N.
+ bool
+ depends on REISERFS_FS && SECURITY_SELINUX
+ select REISERFS_FS_XATTR
+ default y
config JFS_FS
tristate "JFS filesystem support"
@@ -383,16 +359,9 @@ config JFS_POSIX_ACL
If you don't know what Access Control Lists are, say N
config JFS_SECURITY
- bool "JFS Security Labels"
- depends on JFS_FS
- help
- Security labels support alternative access control models
- implemented by security modules like SELinux. This option
- enables an extended attribute handler for file security
- labels in the jfs filesystem.
-
- If you are not using a security module that requires using
- extended attributes for file security labels, say N.
+ bool
+ depends on JFS_FS && SECURITY_SELINUX
+ default y
config JFS_DEBUG
bool "JFS debugging"
@@ -1300,17 +1269,10 @@ config JFFS2_FS_POSIX_ACL
If you don't know what Access Control Lists are, say N
config JFFS2_FS_SECURITY
- bool "JFFS2 Security Labels"
- depends on JFFS2_FS_XATTR
+ bool
+ depends on JFFS2_FS && SECURITY_SELINUX
+ select JFFS2_FS_XATTR
default y
- help
- Security labels support alternative access control models
- implemented by security modules like SELinux. This option
- enables an extended attribute handler for file security
- labels in the jffs2 filesystem.
-
- If you are not using a security module that requires using
- extended attributes for file security labels, say N.
config JFFS2_COMPRESSION_OPTIONS
bool "Advanced compression options for JFFS2"
--- linux-2.6.23-rc1-mm1/fs/xfs/Kconfig.old 2007-07-28 23:19:13.000000000 +0200
+++ linux-2.6.23-rc1-mm1/fs/xfs/Kconfig 2007-07-28 23:19:49.000000000 +0200
@@ -36,16 +36,9 @@ config XFS_QUOTA
they are completely independent subsystems.
config XFS_SECURITY
- bool "XFS Security Label support"
- depends on XFS_FS
- help
- Security labels support alternative access control models
- implemented by security modules like SELinux. This option
- enables an extended attribute namespace for inode security
- labels in the XFS filesystem.
-
- If you are not using a security module that requires using
- extended attributes for inode security labels, say N.
+ bool
+ depends on XFS_FS && SECURITY_SELINUX
+ default y
config XFS_POSIX_ACL
bool "XFS POSIX ACL support"
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
next reply other threads:[~2007-07-29 15:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-29 15:02 Adrian Bunk [this message]
2007-07-29 23:29 ` [xfs-masters] [RFC: 2.6 patch] make the *FS_SECURITY options no longer user visible David Chinner
2007-07-30 12:27 ` Stephen Smalley
2007-08-02 12:21 ` David Chinner
2007-07-30 13:12 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070729150209.GS16817@stusta.de \
--to=bunk@stusta.de \
--cc=chrisw@sous-sol.org \
--cc=eparis@parisplace.org \
--cc=jffs-dev@axis.com \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=jmorris@namei.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=reiserfs-devel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=xfs-masters@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).