ecfcc53fef
the following patch, add logging of Smack security decisions. This is of course very useful to understand what your current smack policy does. As suggested by Casey, it also now forbids labels with ', " or \ It introduces a '/smack/logging' switch : 0: no logging 1: log denied (default) 2: log accepted 3: log denied&accepted Signed-off-by: Etienne Basset <etienne.basset@numericable.fr> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
28 lines
885 B
Makefile
28 lines
885 B
Makefile
#
|
|
# Makefile for the kernel security code
|
|
#
|
|
|
|
obj-$(CONFIG_KEYS) += keys/
|
|
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
|
|
subdir-$(CONFIG_SECURITY_SMACK) += smack
|
|
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
|
|
|
|
# always enable default capabilities
|
|
obj-y += commoncap.o
|
|
|
|
# Object file lists
|
|
obj-$(CONFIG_SECURITY) += security.o capability.o
|
|
obj-$(CONFIG_SECURITYFS) += inode.o
|
|
# Must precede capability.o in order to stack properly.
|
|
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
|
|
obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
|
|
ifeq ($(CONFIG_AUDIT),y)
|
|
obj-$(CONFIG_SECURITY_SMACK) += lsm_audit.o
|
|
endif
|
|
obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
|
|
obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
|
|
obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
|
|
|
|
# Object integrity file lists
|
|
subdir-$(CONFIG_IMA) += integrity/ima
|
|
obj-$(CONFIG_IMA) += integrity/ima/built-in.o
|