diff options
| author | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2012-06-25 12:18:21 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2012-07-05 16:43:59 -0400 |
| commit | 417c6c8ee2eb6975f357d8975af94ba5fbeaf82d (patch) | |
| tree | 02af1e4363f415bfaa45c50a530cee78ecdf87b8 /security/integrity | |
| parent | 7ff2267af595e642f1009198ab49e86a239148fa (diff) | |
| download | linux-417c6c8ee2eb6975f357d8975af94ba5fbeaf82d.tar.gz | |
ima: audit is compiled only when enabled
IMA auditing code was compiled even when CONFIG_AUDIT was not enabled. This patch compiles auditing code only when possible and enabled. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
| -rw-r--r-- | security/integrity/ima/Kconfig | 3 | ||||
| -rw-r--r-- | security/integrity/ima/Makefile | 3 | ||||
| -rw-r--r-- | security/integrity/ima/ima.h | 9 | ||||
| -rw-r--r-- | security/integrity/ima/ima_audit.c | 3 |
4 files changed, 13 insertions, 5 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 35664fe6daa1..b9c1219924f1 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -38,8 +38,9 @@ config IMA_MEASURE_PCR_IDX measurement list. If unsure, use the default 10. config IMA_AUDIT - bool + bool "Enables auditing support" depends on IMA + depends on AUDIT default y help This option adds a kernel parameter 'ima_audit', which diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile index 5690c021de8f..5f740f6971e1 100644 --- a/security/integrity/ima/Makefile +++ b/security/integrity/ima/Makefile @@ -6,4 +6,5 @@ obj-$(CONFIG_IMA) += ima.o ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \ - ima_policy.o ima_audit.o + ima_policy.o +ima-$(CONFIG_IMA_AUDIT) += ima_audit.o diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3ccf7acac6df..e7c99fd0d223 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -61,10 +61,19 @@ struct ima_queue_entry { }; extern struct list_head ima_measurements; /* list of all measurements */ +#ifdef CONFIG_IMA_AUDIT /* declarations */ void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int info); +#else +static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, + const unsigned char *fname, + const char *op, const char *cause, + int result, int info) +{ +} +#endif /* Internal IMA function definitions */ int ima_init(void); diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c index 21e96bf188df..7a57f6769e9c 100644 --- a/security/integrity/ima/ima_audit.c +++ b/security/integrity/ima/ima_audit.c @@ -17,8 +17,6 @@ static int ima_audit; -#ifdef CONFIG_IMA_AUDIT - /* ima_audit_setup - enable informational auditing messages */ static int __init ima_audit_setup(char *str) { @@ -29,7 +27,6 @@ static int __init ima_audit_setup(char *str) return 1; } __setup("ima_audit=", ima_audit_setup); -#endif void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, |