commit 99f6d61bda82d09b2d94414d413d39f66a0b7da2
author Stephen Smalley <sds@tycho.nsa.gov> Tue Feb 07 12:58:51 2006 -0800
committer Linus Torvalds <torvalds@g5.osdl.org> Tue Feb 07 16:12:33 2006 -0800
tree 7e204d1b3ffa642889905aa3a86c84d98e0c0af9
parent 46cd2f32baf181b74b16cceb123bab6fe1f61f85

[PATCH] selinux: require AUDIT

Make SELinux depend on AUDIT as it requires the basic audit support to log
permission denials at all.  Note that AUDITSYSCALL remains optional for
SELinux, although it can be useful in providing further information upon
denials.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

init/Kconfig

diff --git a/init/Kconfig b/init/Kconfig
index 8b7abae..38416a1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -169,7 +169,6 @@
 config AUDIT
 	bool "Auditing support"
 	depends on NET
-	default y if SECURITY_SELINUX
 	help
 	  Enable auditing infrastructure that can be used with another
 	  kernel subsystem, such as SELinux (which requires this for

security/selinux/Kconfig

diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index 502f78f..f636f53 100644
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -1,6 +1,6 @@
 config SECURITY_SELINUX
 	bool "NSA SELinux Support"
-	depends on SECURITY_NETWORK && NET && INET
+	depends on SECURITY_NETWORK && AUDIT && NET && INET
 	default n
 	help
 	  This selects NSA Security-Enhanced Linux (SELinux).

security/selinux/avc.c

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 53d6c7b..ac5d69b 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -43,13 +43,11 @@
 #undef S_
 };
 
-#ifdef CONFIG_AUDIT
 static const char *class_to_string[] = {
 #define S_(s) s,
 #include "class_to_string.h"
 #undef S_
 };
-#endif
 
 #define TB_(s) static const char * s [] = {
 #define TE_(s) };