mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-11-25 15:00:53 +07:00
ecfcc53fef
the following patch, add logging of Smack security decisions. This is of course very useful to understand what your current smack policy does. As suggested by Casey, it also now forbids labels with ', " or \ It introduces a '/smack/logging' switch : 0: no logging 1: log denied (default) 2: log accepted 3: log denied&accepted Signed-off-by: Etienne Basset <etienne.basset@numericable.fr> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
29 lines
885 B
Makefile
29 lines
885 B
Makefile
#
|
|
# Makefile for the kernel security code
|
|
#
|
|
|
|
obj-$(CONFIG_KEYS) += keys/
|
|
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
|
|
subdir-$(CONFIG_SECURITY_SMACK) += smack
|
|
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
|
|
|
|
# always enable default capabilities
|
|
obj-y += commoncap.o
|
|
|
|
# Object file lists
|
|
obj-$(CONFIG_SECURITY) += security.o capability.o
|
|
obj-$(CONFIG_SECURITYFS) += inode.o
|
|
# Must precede capability.o in order to stack properly.
|
|
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
|
|
obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
|
|
ifeq ($(CONFIG_AUDIT),y)
|
|
obj-$(CONFIG_SECURITY_SMACK) += lsm_audit.o
|
|
endif
|
|
obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
|
|
obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
|
|
obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
|
|
|
|
# Object integrity file lists
|
|
subdir-$(CONFIG_IMA) += integrity/ima
|
|
obj-$(CONFIG_IMA) += integrity/ima/built-in.o
|