From patchwork Wed Nov 20 13:37:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Krzysztof Kozlowski X-Patchwork-Id: 11253867 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9EC25109A for ; Wed, 20 Nov 2019 13:37:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 75B122252C for ; Wed, 20 Nov 2019 13:37:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574257078; bh=wD3mXbNja9ectFp7lvh2up4ccGeb8rNyy241I2AEdDU=; h=From:To:Cc:Subject:Date:List-ID:From; b=TgHFnK/esQay2Ba8tb+u4avClcnG3p+auIkPMhChtkRtnIL1TZLkCEqUYWCyR6mRK st7XagV81SKFsxkV5UgpeoYTE5Y1Hne5f0hW39jJs4Hl1n+9WeK2/H2mTBO+sAD1Np 00CgtAXZu8F/5XpuVXApzbpEQjM4soEuNhZgQrXc= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730948AbfKTNh4 (ORCPT ); Wed, 20 Nov 2019 08:37:56 -0500 Received: from mail.kernel.org ([198.145.29.99]:44966 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729145AbfKTNh4 (ORCPT ); Wed, 20 Nov 2019 08:37:56 -0500 Received: from localhost.localdomain (unknown [118.189.143.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 92BB2224D2; Wed, 20 Nov 2019 13:37:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574257074; bh=wD3mXbNja9ectFp7lvh2up4ccGeb8rNyy241I2AEdDU=; h=From:To:Cc:Subject:Date:From; b=G9cMvX8kKqiOhbdcD9TMVRwfcY+nK1JMG3vIwFJCl9r9CClW86exzpY1lrzbx5Zf2 93NTsDmYzfWlNhSAWWo/ol7I1i0UpwXyVTbJTLjoRfbIPOEAGBrak4XNBzIQ8RrGyS Rgx4TC3zjmPMrLTj3be40JEtF1bMDBJI4cXySVEc= From: Krzysztof Kozlowski To: linux-kernel@vger.kernel.org Cc: Krzysztof Kozlowski , John Johansen , James Morris , "Serge E. Hallyn" , Mimi Zohar , Dmitry Kasatkin , Micah Morton , linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [PATCH] security: Fix Kconfig indentation Date: Wed, 20 Nov 2019 21:37:50 +0800 Message-Id: <20191120133750.12519-1-krzk@kernel.org> X-Mailer: git-send-email 2.17.1 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Adjust indentation from spaces to tab (+optional two spaces) as in coding style with command like: $ sed -e 's/^ /\t/' -i */Kconfig Signed-off-by: Krzysztof Kozlowski --- security/apparmor/Kconfig | 2 +- security/integrity/Kconfig | 24 ++++++++++++------------ security/integrity/ima/Kconfig | 12 ++++++------ security/safesetid/Kconfig | 24 ++++++++++++------------ 4 files changed, 31 insertions(+), 31 deletions(-) diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig index a422a349f926..1f0e712c5e50 100644 --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -32,7 +32,7 @@ config SECURITY_APPARMOR_HASH_DEFAULT depends on SECURITY_APPARMOR_HASH default y help - This option selects whether sha1 hashing of loaded policy + This option selects whether sha1 hashing of loaded policy is enabled by default. The generation of sha1 hashes for loaded policy provide system administrators a quick way to verify that policy in the kernel matches what is expected, diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 71f0177e8716..c92339445087 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -34,10 +34,10 @@ config INTEGRITY_ASYMMETRIC_KEYS bool "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE default n - select ASYMMETRIC_KEY_TYPE - select ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select CRYPTO_RSA - select X509_CERTIFICATE_PARSER + select ASYMMETRIC_KEY_TYPE + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select CRYPTO_RSA + select X509_CERTIFICATE_PARSER help This option enables digital signature verification using asymmetric keys. @@ -53,14 +53,14 @@ config INTEGRITY_TRUSTED_KEYRING keyring. config INTEGRITY_PLATFORM_KEYRING - bool "Provide keyring for platform/firmware trusted keys" - depends on INTEGRITY_ASYMMETRIC_KEYS - depends on SYSTEM_BLACKLIST_KEYRING - help - Provide a separate, distinct keyring for platform trusted keys, which - the kernel automatically populates during initialization from values - provided by the platform for verifying the kexec'ed kerned image - and, possibly, the initramfs signature. + bool "Provide keyring for platform/firmware trusted keys" + depends on INTEGRITY_ASYMMETRIC_KEYS + depends on SYSTEM_BLACKLIST_KEYRING + help + Provide a separate, distinct keyring for platform trusted keys, which + the kernel automatically populates during initialization from values + provided by the platform for verifying the kexec'ed kerned image + and, possibly, the initramfs signature. config LOAD_UEFI_KEYS depends on INTEGRITY_PLATFORM_KEYRING diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 838476d780e5..ec9259bd8115 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -159,13 +159,13 @@ config IMA_APPRAISE If unsure, say N. config IMA_ARCH_POLICY - bool "Enable loading an IMA architecture specific policy" - depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \ + bool "Enable loading an IMA architecture specific policy" + depends on (KEXEC_SIG && IMA) || IMA_APPRAISE \ && INTEGRITY_ASYMMETRIC_KEYS - default n - help - This option enables loading an IMA architecture specific policy - based on run time secure boot flags. + default n + help + This option enables loading an IMA architecture specific policy + based on run time secure boot flags. config IMA_APPRAISE_BUILD_POLICY bool "IMA build time configured policy rules" diff --git a/security/safesetid/Kconfig b/security/safesetid/Kconfig index 18b5fb90417b..ab1a2c69b0b8 100644 --- a/security/safesetid/Kconfig +++ b/security/safesetid/Kconfig @@ -1,15 +1,15 @@ # SPDX-License-Identifier: GPL-2.0-only config SECURITY_SAFESETID - bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities" - depends on SECURITY - select SECURITYFS - default n - help - SafeSetID is an LSM module that gates the setid family of syscalls to - restrict UID/GID transitions from a given UID/GID to only those - approved by a system-wide whitelist. These restrictions also prohibit - the given UIDs/GIDs from obtaining auxiliary privileges associated - with CAP_SET{U/G}ID, such as allowing a user to set up user namespace - UID mappings. + bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities" + depends on SECURITY + select SECURITYFS + default n + help + SafeSetID is an LSM module that gates the setid family of syscalls to + restrict UID/GID transitions from a given UID/GID to only those + approved by a system-wide whitelist. These restrictions also prohibit + the given UIDs/GIDs from obtaining auxiliary privileges associated + with CAP_SET{U/G}ID, such as allowing a user to set up user namespace + UID mappings. - If you are unsure how to answer this question, answer N. + If you are unsure how to answer this question, answer N.