summaryrefslogtreecommitdiffstats
path: root/init
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2013-05-24 09:39:29 -0400
committerEric Paris <eparis@redhat.com>2013-11-05 11:08:01 -0500
commit83fa6bbe4c4541ae748b550b4ec391f8a0acfe94 (patch)
treeda0b4c3432448ac961c5372a94ad38512660314f /init
parentda0a610497ce193782c8df4a33fee7fce030cb99 (diff)
downloadblackbird-op-linux-83fa6bbe4c4541ae748b550b4ec391f8a0acfe94.tar.gz
blackbird-op-linux-83fa6bbe4c4541ae748b550b4ec391f8a0acfe94.zip
audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE
After trying to use this feature in Fedora we found the hard coding policy like this into the kernel was a bad idea. Surprise surprise. We ran into these problems because it was impossible to launch a container as a logged in user and run a login daemon inside that container. This reverts back to the old behavior before this option was added. The option will be re-added in a userspace selectable manor such that userspace can choose when it is and when it is not appropriate. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig14
1 files changed, 0 insertions, 14 deletions
diff --git a/init/Kconfig b/init/Kconfig
index fed81b576f29..18a98c893d07 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -301,20 +301,6 @@ config AUDIT_TREE
depends on AUDITSYSCALL
select FSNOTIFY
-config AUDIT_LOGINUID_IMMUTABLE
- bool "Make audit loginuid immutable"
- depends on AUDIT
- help
- The config option toggles if a task setting its loginuid requires
- CAP_SYS_AUDITCONTROL or if that task should require no special permissions
- but should instead only allow setting its loginuid if it was never
- previously set. On systems which use systemd or a similar central
- process to restart login services this should be set to true. On older
- systems in which an admin would typically have to directly stop and
- start processes this should be set to false. Setting this to true allows
- one to drop potentially dangerous capabilites from the login tasks,
- but may not be backwards compatible with older init systems.
-
source "kernel/irq/Kconfig"
source "kernel/time/Kconfig"
OpenPOWER on IntegriCloud