summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2016-01-13 09:18:55 -0500
committerPaul Moore <paul@paul-moore.com>2016-01-13 09:18:55 -0500
commitcb74ed278f8054fddf79ed930495b9e214f7c7b2 (patch)
tree41b7e6b16956c4e9d8fca2882450d2ed0bdb6590
parent96368701e1c89057bbf39222e965161c68a85b4b (diff)
audit: always enable syscall auditing when supported and audit is enabled
To the best of our knowledge, everyone who enables audit at compile time also enables syscall auditing; this patch simplifies the Kconfig menus by removing the option to disable syscall auditing when audit is selected and the target arch supports it. Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r--init/Kconfig11
1 files changed, 3 insertions, 8 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 235c7a2c0d20..a9b4c85c036b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -299,20 +299,15 @@ config AUDIT
help
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
- logging of avc messages output). Does not do system-call
- auditing without CONFIG_AUDITSYSCALL.
+ logging of avc messages output). System call auditing is included
+ on architectures which support it.
config HAVE_ARCH_AUDITSYSCALL
bool
config AUDITSYSCALL
- bool "Enable system-call auditing support"
+ def_bool y
depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
- default y if SECURITY_SELINUX
- help
- Enable low-overhead system-call auditing infrastructure that
- can be used independently or with another kernel subsystem,
- such as SELinux.
config AUDIT_WATCH
def_bool y