* "Default Linux Capabilities" default in 2.6.24
From: Matt LaPlante @ 2008-01-25 1:12 UTC
To: linux-kernel

I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for "Default Linux Capabilities" which defaults to No:

---
Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ?
---

However the help text recommends saying Yes.

---
This enables the "default" Linux capabilities functionality.
If you are unsure how to answer this question, answer Y.
---

Does this seem incongruous? Also, what's the "question"? :)

Thanks,
Matt LaPlante

* Re: "Default Linux Capabilities" default in 2.6.24
From: Matt LaPlante @ 2008-01-29 2:10 UTC
To: linux-kernel

On Thu, 24 Jan 2008 19:12:01 -0600
Matt LaPlante <kernel1@cyberdogtech.com> wrote:

>
> I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for "Default Linux Capabilities" which defaults to No:
>
> ---
> Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ?
> ---
>
> However the help text recommends saying Yes.
>
> ---
> This enables the "default" Linux capabilities functionality.
> If you are unsure how to answer this question, answer Y.
> ---
>
> Does this seem incongruous? Also, what's the "question"? :)
>
> Thanks,
> Matt LaPlante

Anyone?

* Re: "Default Linux Capabilities" default in 2.6.24
From: James Morris @ 2008-01-29 2:48 UTC
To: Matt LaPlante
Cc: linux-kernel, linux-security-module

On Mon, 28 Jan 2008, Matt LaPlante wrote:

> On Thu, 24 Jan 2008 19:12:01 -0600
> Matt LaPlante <kernel1@cyberdogtech.com> wrote:
>
> >
> > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for "Default Linux Capabilities" which defaults to No:
> >
> > ---
> > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ?
> > ---
> >
> > However the help text recommends saying Yes.
> >
> > ---
> > This enables the "default" Linux capabilities functionality.
> > If you are unsure how to answer this question, answer Y.
> > ---
> >
> > Does this seem incongruous? Also, what's the "question"? :)
> >
> > Thanks,
> > Matt LaPlante
>
> Anyone?

I think this should be default y.

--
James Morris
<jmorris@namei.org>

* Re: "Default Linux Capabilities" default in 2.6.24
From: Serge E. Hallyn @ 2008-01-29 13:08 UTC
To: James Morris
Cc: Matt LaPlante, linux-kernel, linux-security-module

Quoting James Morris (jmorris@namei.org):
> On Mon, 28 Jan 2008, Matt LaPlante wrote:
>
> > On Thu, 24 Jan 2008 19:12:01 -0600
> > Matt LaPlante <kernel1@cyberdogtech.com> wrote:
> >
> > >
> > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for "Default Linux Capabilities" which defaults to No:
> > >
> > > ---
> > > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ?
> > > ---
> > >
> > > However the help text recommends saying Yes.
> > >
> > > ---
> > > This enables the "default" Linux capabilities functionality.
> > > If you are unsure how to answer this question, answer Y.
> > > ---
> > >
> > > Does this seem incongruous? Also, what's the "question"? :)
> > >
> > > Thanks,
> > > Matt LaPlante
> >
> > Anyone?
>
> I think this should be default y.

True, it was made the default when CONFIG_SECURITY=n a few years ago,
and switching it off when toggling CONFIG_SECURITY is probably unsafe
for unsuspecting users/testers.

Thanks Matt.

-serge

From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001
From: sergeh@us.ibm.com <hallyn@kernel.(none)>
Date: Tue, 29 Jan 2008 05:04:43 -0800
Subject: [PATCH 1/1] security: compile capabilities by default

Capabilities have long been the default when CONFIG_SECURITY=n,
and its help text suggests turning it on when CONFIG_SECURITY=y.
But it is set to default n.

Default it to y instead.

Signed-off-by: Serge Hallyn <serue@us.ibm.com>
---
 security/Kconfig | 1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/security/Kconfig b/security/Kconfig index 8086e61..389e151 100644 --- a/security/Kconfig +++ b/security/Kconfig 
@@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM config SECURITY_CAPABILITIES bool "Default Linux Capabilities" depends on SECURITY + default y help This enables the "default" Linux capabilities functionality. If you are unsure how to answer this question, answer Y. -- 1.5.1
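
Review bot: The help text directly below the new "default y" line is left as it was, so it still does not say what the option controls or what is lost by answering N, which is the second half of the original report (what's the "question"?). The cover note says that switching capabilities off when CONFIG_SECURITY is toggled is probably unsafe for unsuspecting users; consider stating that consequence in the help entry in this same patch, so the prompt explains why Y is recommended instead of only asserting it.
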
* Re: "Default Linux Capabilities" default in 2.6.24
From: Matt LaPlante @ 2008-01-29 16:44 UTC
To: Serge E. Hallyn
Cc: James Morris, linux-kernel, linux-security-module

On Tue, 29 Jan 2008 07:08:25 -0600
"Serge E. Hallyn" <serue@us.ibm.com> wrote:

> Quoting James Morris (jmorris@namei.org):
> > On Mon, 28 Jan 2008, Matt LaPlante wrote:
> >
> > > On Thu, 24 Jan 2008 19:12:01 -0600
> > > Matt LaPlante <kernel1@cyberdogtech.com> wrote:
> > >
> > > >
> > > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for "Default Linux Capabilities" which defaults to No:
> > > >
> > > > ---
> > > > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ?
> > > > ---
> > > >
> > > > However the help text recommends saying Yes.
> > > >
> > > > ---
> > > > This enables the "default" Linux capabilities functionality.
> > > > If you are unsure how to answer this question, answer Y.
> > > > ---
> > > >
> > > > Does this seem incongruous? Also, what's the "question"? :)
> > > >
> > > > Thanks,
> > > > Matt LaPlante
> > >
> > > Anyone?
> >
> > I think this should be default y.
>
> True, it was made the default when CONFIG_SECURITY=n a few years ago,
> and switching it off when toggling CONFIG_SECURITY is probably unsafe
> for unsuspecting users/testers.
>
> Thanks Matt.
>
> -serge
>
> From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001
> From: sergeh@us.ibm.com <hallyn@kernel.(none)>
> Date: Tue, 29 Jan 2008 05:04:43 -0800
> Subject: [PATCH 1/1] security: compile capabilities by default
>
> Capabilities have long been the default when CONFIG_SECURITY=n,
> and its help text suggests turning it on when CONFIG_SECURITY=y.
> But it is set to default n.
>
> Default it to y instead.
>
> Signed-off-by: Serge Hallyn <serue@us.ibm.com>
> ---
> security/Kconfig | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/security/Kconfig b/security/Kconfig > index 8086e61..389e151 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM > config SECURITY_CAPABILITIES > bool "Default Linux Capabilities" > depends on SECURITY > + default y > help > This enables the "default" Linux capabilities functionality. > If you are unsure how to answer this question, answer Y. > -- > 1.5.1 >

Acked-by: Matt LaPlante <kernel1@cyberdogtech.com>
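
A check for the situation raised in this thread, where a .config with CONFIG_SECURITY=y has been left with capabilities off after "make oldconfig". This is an added example, not code from the thread or the kernel tree; the function name, the verdict strings and the sample .config lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the pitfall discussed in the thread.
# Verdicts (names invented for this example):
#   builtin-default  CONFIG_SECURITY is off, so capabilities are the default
#   enabled          CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=y
#   disabled         CONFIG_SECURITY=y but capabilities were left at N
# Returns 0 for the first two, 1 for "disabled", 2 if the file is unreadable.
check_caps_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # Anchored match, so CONFIG_SECURITY_CAPABILITIES=y cannot satisfy it.
    if ! grep -q '^CONFIG_SECURITY=y$' "$cfg"; then
        echo "builtin-default"; return 0
    fi
    if grep -q '^CONFIG_SECURITY_CAPABILITIES=y$' "$cfg"; then
        echo "enabled"; return 0
    fi
    # Either "# CONFIG_SECURITY_CAPABILITIES is not set" or no line at all
    # (the symbol was new and the prompt's N default was accepted).
    echo "disabled"; return 1
}

# Constructed sample: the state that accepting the 2.6.24 prompt default
# (N) would leave in a config that has CONFIG_SECURITY=y.
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' 'CONFIG_SECURITY=y' \
        '# CONFIG_SECURITY_CAPABILITIES is not set' > "$tmp"
    check_caps_config "$tmp" ||
        echo "answer Y to SECURITY_CAPABILITIES and rebuild" >&2
    rm -f "$tmp"
}
demo
```
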