mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-22 07:53:11 -05:00
7ccbe076d9
When CONFIG_AUDIT is set, its CONFIG_NET dependency is also set, and the dev_get_by_index and init_net symbols (used by dump_common_audit_data) are found by the linker. dump_common_audit_data() should then failed to build when CONFIG_NET is not set. However, because the compiler is smart, it knows that audit_log_start() always return NULL when !CONFIG_AUDIT, and it doesn't build the body of common_lsm_audit(). As a side effect, dump_common_audit_data() is not built and the linker doesn't error out because of missing symbols. Let's only build lsm_audit.o when CONFIG_SECURITY and CONFIG_AUDIT are both set, which is checked with the new CONFIG_HAS_SECURITY_AUDIT. ipv4_skb_to_auditdata() and ipv6_skb_to_auditdata() are only used by Smack if CONFIG_AUDIT is set, so they don't need fake implementations. Because common_lsm_audit() is used in multiple places without CONFIG_AUDIT checks, add a fake implementation. Link: https://lore.kernel.org/r/20241122143353.59367-2-mic@digikod.net Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: James Morris <jmorris@namei.org> Cc: Paul Moore <paul@paul-moore.com> Cc: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@digikod.net> Signed-off-by: Paul Moore <paul@paul-moore.com>
31 lines
980 B
Makefile
31 lines
980 B
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for the kernel security code
|
|
#
|
|
|
|
obj-$(CONFIG_KEYS) += keys/
|
|
|
|
# always enable default capabilities
|
|
obj-y += commoncap.o
|
|
obj-$(CONFIG_SECURITY) += lsm_syscalls.o
|
|
obj-$(CONFIG_MMU) += min_addr.o
|
|
|
|
# Object file lists
|
|
obj-$(CONFIG_SECURITY) += security.o
|
|
obj-$(CONFIG_SECURITYFS) += inode.o
|
|
obj-$(CONFIG_SECURITY_SELINUX) += selinux/
|
|
obj-$(CONFIG_SECURITY_SMACK) += smack/
|
|
obj-$(CONFIG_HAS_SECURITY_AUDIT) += lsm_audit.o
|
|
obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
|
|
obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/
|
|
obj-$(CONFIG_SECURITY_YAMA) += yama/
|
|
obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/
|
|
obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/
|
|
obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/
|
|
obj-$(CONFIG_CGROUPS) += device_cgroup.o
|
|
obj-$(CONFIG_BPF_LSM) += bpf/
|
|
obj-$(CONFIG_SECURITY_LANDLOCK) += landlock/
|
|
obj-$(CONFIG_SECURITY_IPE) += ipe/
|
|
|
|
# Object integrity file lists
|
|
obj-$(CONFIG_INTEGRITY) += integrity/
|