diff options
author | Paul Moore <pmoore@redhat.com> | 2016-01-13 09:18:55 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-01-13 09:18:55 -0500 |
commit | cb74ed278f8054fddf79ed930495b9e214f7c7b2 (patch) | |
tree | 41b7e6b16956c4e9d8fca2882450d2ed0bdb6590 | |
parent | 96368701e1c89057bbf39222e965161c68a85b4b (diff) |
audit: always enable syscall auditing when supported and audit is enabled
To the best of our knowledge, everyone who enables audit at compile
time also enables syscall auditing; this patch simplifies the Kconfig
menus by removing the option to disable syscall auditing when audit
is selected and the target arch supports it.
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r-- | init/Kconfig | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/init/Kconfig b/init/Kconfig index 235c7a2c0d20..a9b4c85c036b 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -299,20 +299,15 @@ config AUDIT help Enable auditing infrastructure that can be used with another kernel subsystem, such as SELinux (which requires this for - logging of avc messages output). Does not do system-call - auditing without CONFIG_AUDITSYSCALL. + logging of avc messages output). System call auditing is included + on architectures which support it. config HAVE_ARCH_AUDITSYSCALL bool config AUDITSYSCALL - bool "Enable system-call auditing support" + def_bool y depends on AUDIT && HAVE_ARCH_AUDITSYSCALL - default y if SECURITY_SELINUX - help - Enable low-overhead system-call auditing infrastructure that - can be used independently or with another kernel subsystem, - such as SELinux. config AUDIT_WATCH def_bool y |