www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Mickaël Salaün <mic@digikod.net>
	Fri, 22 Nov 2024 14:33:31 +0000 (15:33 +0100)
committer	Paul Moore <paul@paul-moore.com>
	Sat, 4 Jan 2025 16:50:44 +0000 (11:50 -0500)
commit	7ccbe076d987598b04b4b9c9b61f042291f9cc77
tree	00c846592c9123a5fdaf81c258f09cbdb0416869	tree
parent	7a9b65ab0abd52ae646ba327522315d7500a7d4f	commit \| diff

lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set

When CONFIG_AUDIT is set, its CONFIG_NET dependency is also set, and the
dev_get_by_index and init_net symbols (used by dump_common_audit_data)
are found by the linker. dump_common_audit_data() should then failed to
build when CONFIG_NET is not set. However, because the compiler is
smart, it knows that audit_log_start() always return NULL when
!CONFIG_AUDIT, and it doesn't build the body of common_lsm_audit(). As
a side effect, dump_common_audit_data() is not built and the linker
doesn't error out because of missing symbols.

Let's only build lsm_audit.o when CONFIG_SECURITY and CONFIG_AUDIT are
both set, which is checked with the new CONFIG_HAS_SECURITY_AUDIT.

ipv4_skb_to_auditdata() and ipv6_skb_to_auditdata() are only used by
Smack if CONFIG_AUDIT is set, so they don't need fake implementations.

Because common_lsm_audit() is used in multiple places without
CONFIG_AUDIT checks, add a fake implementation.

Link: https://lore.kernel.org/r/20241122143353.59367-2-mic@digikod.net
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: James Morris <jmorris@namei.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Paul Moore <paul@paul-moore.com>

include/linux/lsm_audit.h		diff \| blob \| history
security/Kconfig		diff \| blob \| history
security/Makefile		diff \| blob \| history