aha/security
Serge E. Hallyn b3a222e52e remove CONFIG_SECURITY_FILE_CAPABILITIES compile option
As far as I know, all distros currently ship kernels with default
CONFIG_SECURITY_FILE_CAPABILITIES=y.  Since having the option on
leaves a 'no_file_caps' option to boot without file capabilities,
the main reason to keep the option is that turning it off saves
you (on my s390x partition) 5k.  In particular, vmlinux sizes
came to:

without patch fscaps=n:		 	53598392
without patch fscaps=y:		 	53603406
with this patch applied:		53603342

with the security-next tree.

Against this we must weigh the fact that there is no simple way for
userspace to figure out whether file capabilities are supported,
while things like per-process securebits, capability bounding
sets, and adding bits to pI if CAP_SETPCAP is in pE are not supported
with SECURITY_FILE_CAPABILITIES=n, leaving a bit of a problem for
applications wanting to know whether they can use them and/or why
something failed.

It also adds another subtly different set of semantics which we must
maintain at the risk of severe security regressions.

So this patch removes the SECURITY_FILE_CAPABILITIES compile
option.  It drops the kernel size by about 50k over the stock
SECURITY_FILE_CAPABILITIES=y kernel, by removing the
cap_limit_ptraced_target() function.

Changelog:
	Nov 20: remove cap_limit_ptraced_target() as it's logic
		was ifndef'ed.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Andrew G. Morgan" <morgan@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
2009-11-24 15:06:47 +11:00
..
integrity/ima LSM: imbed ima calls in the security hooks 2009-10-25 12:22:48 +08:00
keys KEYS: Have the garbage collector set its timer for live expired keys 2009-09-23 11:03:47 -07:00
selinux SELinux: print denials for buggy kernel with unknown perms 2009-11-24 14:30:49 +11:00
smack seq_file: constify seq_operations 2009-09-23 07:39:29 -07:00
tomoyo tomoyo: improve hash bucket dispersion 2009-10-29 11:17:33 +11:00
capability.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00
commoncap.c remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
device_cgroup.c cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time 2009-09-24 07:20:58 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
Kconfig remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
lsm_audit.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00
Makefile security: remove root_plug 2009-10-20 14:26:16 +09:00
min_addr.c sysctl: require CAP_SYS_RAWIO to set mmap_min_addr 2009-11-09 08:34:22 +11:00
security.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00