diff options
| author | Mickaël Salaün <[email protected]> | 2024-11-22 14:33:31 +0000 |
|---|---|---|
| committer | Paul Moore <[email protected]> | 2025-01-04 16:50:44 +0000 |
| commit | 7ccbe076d987598b04b4b9c9b61f042291f9cc77 (patch) | |
| tree | 00c846592c9123a5fdaf81c258f09cbdb0416869 /tools/testing/selftests/net/lib/py/utils.py | |
| parent | selftests: refactor the lsm `flags_overset_lsm_set_self_attr` test (diff) | |
| download | kernel-7ccbe076d987598b04b4b9c9b61f042291f9cc77.tar.gz kernel-7ccbe076d987598b04b4b9c9b61f042291f9cc77.zip | |
lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set
When CONFIG_AUDIT is set, its CONFIG_NET dependency is also set, and the
dev_get_by_index and init_net symbols (used by dump_common_audit_data)
are found by the linker. dump_common_audit_data() should then failed to
build when CONFIG_NET is not set. However, because the compiler is
smart, it knows that audit_log_start() always return NULL when
!CONFIG_AUDIT, and it doesn't build the body of common_lsm_audit(). As
a side effect, dump_common_audit_data() is not built and the linker
doesn't error out because of missing symbols.
Let's only build lsm_audit.o when CONFIG_SECURITY and CONFIG_AUDIT are
both set, which is checked with the new CONFIG_HAS_SECURITY_AUDIT.
ipv4_skb_to_auditdata() and ipv6_skb_to_auditdata() are only used by
Smack if CONFIG_AUDIT is set, so they don't need fake implementations.
Because common_lsm_audit() is used in multiple places without
CONFIG_AUDIT checks, add a fake implementation.
Link: https://lore.kernel.org/r/[email protected]
Cc: Casey Schaufler <[email protected]>
Cc: James Morris <[email protected]>
Cc: Paul Moore <[email protected]>
Cc: Serge E. Hallyn <[email protected]>
Signed-off-by: Mickaël Salaün <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
Diffstat (limited to 'tools/testing/selftests/net/lib/py/utils.py')
0 files changed, 0 insertions, 0 deletions