From bc7e09e5349758759c19d1eaba4f5b6c3418b14f Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Mon, 25 Sep 2017 12:03:19 -0400
Subject: [PATCH] UBUNTU: SAUCE: LSM stacking: fixup stacking kconfig

The stack configs in the base stacking patches are confusing and
separate the selinux/smack stacking from the other LSMs with an
"extreme" stacking entry which is extremely confusing.

Switch the "extreme" stacking to a select for mutually exclusive
LSMs, which provides a better explanation of what is happening.

Fixes: 6c5100029055 ("LSM: general but not extreme module stacking")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 security/Kconfig | 50 +++++++++++++++++++++++-------------------------
 1 file changed, 24 insertions(+), 26 deletions(-)

diff --git a/security/Kconfig b/security/Kconfig
index 8615fb21d635..a3ffa29ef7f4 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -317,40 +317,38 @@ menu "Security Module Stack"
 	visible if SECURITY_STACKING
 
 choice
-	prompt "Stacked 'extreme' security module"
-	default SECURITY_SELINUX_STACKED if SECURITY_SELINUX
-	default SECURITY_SMACK_STACKED if SECURITY_SMACK
-
-	help
-	  Enable an extreme security module. These modules cannot
-	  be used at the same time.
+	prompt "mutually exclusive LSMs"
+	default SECURITY_NO_EXCLUSIVE_LSM
 
+	config SECURITY_NO_EXCLUSIVE_LSM
+		bool "none"
+		help
+		  Do no add an LSM to is mutually exclusive to the stack."
 	config SECURITY_SELINUX_STACKED
 		bool "SELinux" if SECURITY_SELINUX=y
-	help
-	  Add the SELinux security module to the stack. At this
-	  time the Smack security module is incompatible with this
-	  module.
-	  Please be sure your user space code is accomodating of
-	  this security module.
+		help
+		  Add the SELinux security module to the stack.
+		  Please be sure your user space code is accomodating of
+		  this security module.
+		  Ensure that your network configuration is compatible
+		  with your combination of security modules.
+
+		  Incompatible with Smack being stacked.
+
+		  If you are unsure how to answer this question, answer N.
 
 	config SECURITY_SMACK_STACKED
 		bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
-	help
-	  Add the Smack security module to the stack. At this
-	  time the SELinux security module is incompatible with this
-	  module.
-	  Please be sure your user space code is accomodating of
-	  this security module.
+		help
+		  Add the Smack security module to the stack.
+		  Please be sure your user space code is accomodating of
+		  this security module.
+		  Ensure that your network configuration is compatible
+		  with your combination of security modules.
 
-	config SECURITY_NOTHING_STACKED
-		bool "Use no 'extreme' security module"
-	help
-	  Add neither the SELinux security module nor the Smack security
-	  module to the stack.
-	  Please be sure your user space code does not require either of
-	  these security modules.
+		  Incompatible with SeLinux being stacked.
 
+		  If you are unsure how to answer this question, answer N.
 endchoice
 
 config SECURITY_TOMOYO_STACKED
-- 
2.39.5