[grsec] Is CONFIG_SECURITY no longer required?

Brad Spengler spender at grsecurity.net
Fri Oct 9 23:20:43 EDT 2009

On Sat, Oct 10, 2009 at 11:06:29AM +0800, Pavel Labushev wrote:
> In past Grsecurity patches CONFIG_GRKERNSEC required CONFIG_SECURITY,
> but not in the recent patch for Is that correct, the basic LSM
> hooks are no longer needed at all?

Correct.  Before, you had to have CONFIG_SECURITY enabled just to get 
the same capability support that you had by default in 2.4.  They've 
since moved that out of the dependence on LSM and made it supported by 
default, as it should have been from the beginning.  mmap_min_addr also 
required CONFIG_SECURITY until recently.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20091009/2e82c48b/attachment.pgp 

More information about the grsecurity mailing list