On Wed, Feb 20, 2008 at 01:06:09AM +1100, Nick Andrew wrote:
Changelog:
Improve usefulness and consistency of kernel configuration help messages.
Signed-off-by: Nick Andrew <nick@nick-andrew.net>
--- a/init/Kconfig 2008-02-20 00:45:07.000000000 +1100
+++ b/init/Kconfig 2008-02-20 00:52:07.000000000 +1100
@@ -231,20 +231,36 @@ config AUDIT
bool "Auditing support"
depends on NET
help
- Enable auditing infrastructure that can be used with another
- kernel subsystem, such as SELinux (which requires this for
- logging of avc messages output). Does not do system-call
- auditing without CONFIG_AUDITSYSCALL.
+ Enable an auditing infrastructure that can be used with another
+ kernel subsystem, such as Security-Enhanced Linux (SELinux),
+ which requires this option for logging of AVC messages output.
+
+ AVC refers to Access Vector Cache, a subsystem used by SELinux
+ to improve performance of the security checking by caching
+ previous access decisions.
+
+ See <http://www.nsa.gov/selinux/> for more information
+ on Security-Enhanced Linux.
+
+ CONFIG_AUDITSYSCALL (see below) is also required for
+ system-call auditing.
+
+ If unsure, say N.
config AUDITSYSCALL
bool "Enable system-call auditing support"
depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64)
default y if SECURITY_SELINUX
help
- Enable low-overhead system-call auditing infrastructure that
+ Enable a low-overhead system-call auditing infrastructure that
can be used independently or with another kernel subsystem,
- such as SELinux. To use audit's filesystem watch feature, please
- ensure that INOTIFY is configured.
+ such as SELinux.
+
+ To use audit's filesystem watch feature, please ensure
+ that CONFIG_INOTIFY is enabled. See the 'File systems'
+ menu for Inotify file change notification support.
+
+ If unsure, say N.
config AUDIT_TREE
def_bool y
--
