Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

On Tue, 14 Feb 2017, Tetsuo Handa wrote:

> > diff --git a/security/Kconfig b/security/Kconfig
> > index 118f454..f6f90c4 100644
> > --- a/security/Kconfig
> > +++ b/security/Kconfig
> > @@ -31,6 +31,11 @@ config SECURITY
> >  
> >  	  If you are unsure how to answer this question, answer N.
> >  
> > +config SECURITY_WRITABLE_HOOKS
> > +	depends on SECURITY
> > +	bool
> > +	default n
> > +
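
Review bot: SECURITY_WRITABLE_HOOKS is declared as a bare `bool` with no prompt string and no `help` text, so nothing at this entry records what the symbol controls or what leaving it at n implies. A promptless symbol can only be turned on through `select` from another entry, so add a `help` block or a `#` comment above `config SECURITY_WRITABLE_HOOKS` that names the intended selector and says what enabling it does to the hooks. `default n` is also redundant, because a bool with no default is already n, and `depends on SECURITY` is not enforced against a `select`, so the selecting entry needs to depend on SECURITY itself.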
> 
> This configuration option must not be set to N without big fat explanation
> about implications of setting this option to N.

It's not visible in the config menu, it's only there to support SELinux 
runtime disablement, otherwise it wouldn't even be an option.

> 
> Honestly, I still don't like this option, regardless of whether SELinux
> needs this option or not.
> 

I agree, it would be better to just enable RO hardening without an option 
to disable it.

-- 
James Morris
<jmorris@xxxxxxxxx>
