From: Mimi Z. <zo...@li...> - 2015-07-13 15:35:18
On Mon, 2015-07-13 at 14:49 +0200, Patrick Ohly wrote:
> On Mon, 2015-07-13 at 08:36 -0400, Mimi Zohar wrote:
> > On Mon, 2015-07-13 at 13:55 +0200, Patrick Ohly wrote:
> > > Hello!
> > >
> > > I noticed that CONFIG_IMA_LSM_RULES can only be enabled when
> > > CONFIG_AUDIT is also enabled. Why is that? At first glance it seemed
> > > like it should be possible to compile the LSM code without auditing
> > > enabled (not tested, though).
> > >
> > > I was warned that enabling auditing has a performance impact. Is that
> > > true even for just CONFIG_AUDIT=yes (and nothing else, in particular
> > > nothing that turns on syscall auditing)?
> >
> > The linux-integrity subsystem error messages use the audit subsystem
> > facility. Look at the security/integrity/integrity_audit.c:
> > integrity_audit_msg() function. Prior to systemd, the messages either
> > went to the audit log, if enabled, or syslog.
>
> Understood.
>
> But why does CONFIG_IMA_LSM_RULES depend on audit support? The LSM part
> of the policy has nothing to do with logging. I'm referring to the "&&
> AUDIT" part in security/integrity/ima/Kconfig:
>
> config IMA_LSM_RULES
> 	bool
> 	depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)
> 	default y
> 	help
> 	  Disabling this option will disregard LSM based policy rules.

The commit "b53fab9 ima: fix build error" patch description gives a full
explanation.

Mimi