X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2FKconfig;h=a6807ffabfab74b4adc9f6683c870b0427da62b0;hb=refs%2Fheads%2Fvserver;hp=34f593410d57cb12070a154bc0fa0b272467dfeb;hpb=76828883507a47dae78837ab5dec5a5b4513c667;p=linux-2.6.git

diff --git a/security/Kconfig b/security/Kconfig
index 34f593410..a6807ffab 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -6,6 +6,7 @@ menu "Security options"
 
 config KEYS
 	bool "Enable access key retention support"
+	depends on !VSERVER_SECURITY
 	help
 	  This option provides support for retaining authentication tokens and
 	  access keys in the kernel.
@@ -22,16 +23,22 @@ config KEYS
 	  If you are unsure as to whether this is required, answer N.
 
 config KEYS_DEBUG_PROC_KEYS
-	bool "Enable the /proc/keys file by which all keys may be viewed"
+	bool "Enable the /proc/keys file by which keys may be viewed"
 	depends on KEYS
 	help
-	  This option turns on support for the /proc/keys file through which
-	  all the keys on the system can be listed.
+	  This option turns on support for the /proc/keys file - through which
+	  can be listed all the keys on the system that are viewable by the
+	  reading process.
 
-	  This option is a slight security risk in that it makes it possible
-	  for anyone to see all the keys on the system. Normally the manager
-	  pretends keys that are inaccessible to a process don't exist as far
-	  as that process is concerned.
+	  The only keys included in the list are those that grant View
+	  permission to the reading process whether or not it possesses them.
+	  Note that LSM security checks are still performed, and may further
+	  filter out keys that the current process is not authorised to view.
+
+	  Only key attributes are listed here; key payloads are not included in
+	  the resulting table.
+
+	  If you are unsure as to whether this is required, answer N.
 
 config SECURITY
 	bool "Enable different security models"
@@ -87,18 +94,6 @@ config SECURITY_ROOTPLUG
 	  
 	  If you are unsure how to answer this question, answer N.
 
-config SECURITY_SECLVL
-	tristate "BSD Secure Levels"
-	depends on SECURITY
-	select CRYPTO
-	select CRYPTO_SHA1
-	help
-	  Implements BSD Secure Levels as an LSM.  See
-	  <file:Documentation/seclvl.txt> for instructions on how to use this
-	  module.
-
-	  If you are unsure how to answer this question, answer N.
-
 source security/selinux/Kconfig
 
 endmenu