From 8326c1eec2449f0e868f7b19a5fa7bfa0386ab48 Mon Sep 17 00:00:00 2001
From: Hyunchul Lee <cheol.lee@lge.com>
Date: Fri, 3 Mar 2017 16:44:03 +0900
Subject: ubifs: Add CONFIG_UBIFS_FS_SECURITY to disable/enable security labels

When write syscall is called, every time security label is searched to
determine that file's privileges should be changed.
If LSM(Linux Security Model) is not used, this is useless.

So introduce CONFIG_UBIFS_SECURITY to disable security labels. it's default
value is "y".

Signed-off-by: Hyunchul Lee <cheol.lee@lge.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
---
 fs/ubifs/Kconfig | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'fs/ubifs/Kconfig')

diff --git a/fs/ubifs/Kconfig b/fs/ubifs/Kconfig
index b0d0623c83ed..83a961bf7280 100644
--- a/fs/ubifs/Kconfig
+++ b/fs/ubifs/Kconfig
@@ -61,3 +61,16 @@ config UBIFS_FS_ENCRYPTION
 	  feature is similar to ecryptfs, but it is more memory
 	  efficient since it avoids caching the encrypted and
 	  decrypted pages in the page cache.
+
+config UBIFS_FS_SECURITY
+	bool "UBIFS Security Labels"
+	depends on UBIFS_FS
+	default y
+	help
+	  Security labels provide an access control facility to support Linux
+	  Security Models (LSMs) accepted by AppArmor, SELinux, Smack and TOMOYO
+	  Linux. This option enables an extended attribute handler for file
+	  security labels in the ubifs filesystem, so that it requires enabling
+	  the extended attribute support in advance.
+
+	  If you are not using a security module, say N.
-- 
cgit v1.2.3-59-g8ed1b