On Tue, Dec 10, 2019 at 10:45 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 12/10/19 10:04 AM, Paul Moore wrote: > > On Tue, Dec 10, 2019 at 9:59 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > >> On 12/9/19 9:28 PM, Paul Moore wrote: > >>> With CONFIG_AUDIT enabled but CONFIG_SECURITY disabled we run into > >>> a problem where the lockdown reason table is missing. This patch > >>> attempts to fix this by hiding the table behind a lookup function. > >> > >> Shouldn't lsm_audit.c be conditional on both CONFIG_AUDIT and > >> CONFIG_SECURITY? When/why would we want it built without > >> CONFIG_SECURITY enabled? > > > > My first thought of a fix was just that, but I remembered that the > > capabilities code is built regardless of the CONFIG_SECURITY setting > > and I thought there might be some value in allowing for lsm_audit to > > be used in commoncap (although in full disclosure commoncap doesn't > > currently make use of lsm_audit). > > Seems contrary to normal practice, i.e. if/when commoncap grows a > dependency, it can be changed then. Okay, want to submit a tested patch? I really would like to get this fixed before today's linux-next run. -- paul moore www.paul-moore.com
