Linux Audio

Check our new training course

Open Menu / security / smack / Kconfig
Loading...
v4.17
 
 1config SECURITY_SMACK
 2	bool "Simplified Mandatory Access Control Kernel Support"
 3	depends on NET
 4	depends on INET
 5	depends on SECURITY
 6	select NETLABEL
 7	select SECURITY_NETWORK
 8	default n
 9	help
10	  This selects the Simplified Mandatory Access Control Kernel.
11	  Smack is useful for sensitivity, integrity, and a variety
12	  of other mandatory security schemes.
13	  If you are unsure how to answer this question, answer N.
14
15config SECURITY_SMACK_BRINGUP
16	bool "Reporting on access granted by Smack rules"
17	depends on SECURITY_SMACK
18	default n
19	help
20	  Enable the bring-up ("b") access mode in Smack rules.
21	  When access is granted by a rule with the "b" mode a
22	  message about the access requested is generated. The
23	  intention is that a process can be granted a wide set
24	  of access initially with the bringup mode set on the
25	  rules. The developer can use the information to
26	  identify which rules are necessary and what accesses
27	  may be inappropriate. The developer can reduce the
28	  access rule set once the behavior is well understood.
29	  This is a superior mechanism to the oft abused
30	  "permissive" mode of other systems.
31	  If you are unsure how to answer this question, answer N.
32
33config SECURITY_SMACK_NETFILTER
34	bool "Packet marking using secmarks for netfilter"
35	depends on SECURITY_SMACK
36	depends on NETWORK_SECMARK
37	depends on NETFILTER
38	default n
39	help
40	  This enables security marking of network packets using
41	  Smack labels.
42	  If you are unsure how to answer this question, answer N.
43
44config SECURITY_SMACK_APPEND_SIGNALS
45	bool "Treat delivering signals as an append operation"
46	depends on SECURITY_SMACK
47	default n
48	help
49	  Sending a signal has been treated as a write operation to the
50	  receiving process. If this option is selected, the delivery
51	  will be an append operation instead. This makes it possible
52	  to differentiate between delivering a network packet and
53	  delivering a signal in the Smack rules.
54	  If you are unsure how to answer this question, answer N.
v5.9
 1# SPDX-License-Identifier: GPL-2.0-only
 2config SECURITY_SMACK
 3	bool "Simplified Mandatory Access Control Kernel Support"
 4	depends on NET
 5	depends on INET
 6	depends on SECURITY
 7	select NETLABEL
 8	select SECURITY_NETWORK
 9	default n
10	help
11	  This selects the Simplified Mandatory Access Control Kernel.
12	  Smack is useful for sensitivity, integrity, and a variety
13	  of other mandatory security schemes.
14	  If you are unsure how to answer this question, answer N.
15
16config SECURITY_SMACK_BRINGUP
17	bool "Reporting on access granted by Smack rules"
18	depends on SECURITY_SMACK
19	default n
20	help
21	  Enable the bring-up ("b") access mode in Smack rules.
22	  When access is granted by a rule with the "b" mode a
23	  message about the access requested is generated. The
24	  intention is that a process can be granted a wide set
25	  of access initially with the bringup mode set on the
26	  rules. The developer can use the information to
27	  identify which rules are necessary and what accesses
28	  may be inappropriate. The developer can reduce the
29	  access rule set once the behavior is well understood.
30	  This is a superior mechanism to the oft abused
31	  "permissive" mode of other systems.
32	  If you are unsure how to answer this question, answer N.
33
34config SECURITY_SMACK_NETFILTER
35	bool "Packet marking using secmarks for netfilter"
36	depends on SECURITY_SMACK
37	depends on NETWORK_SECMARK
38	depends on NETFILTER
39	default n
40	help
41	  This enables security marking of network packets using
42	  Smack labels.
43	  If you are unsure how to answer this question, answer N.
44
45config SECURITY_SMACK_APPEND_SIGNALS
46	bool "Treat delivering signals as an append operation"
47	depends on SECURITY_SMACK
48	default n
49	help
50	  Sending a signal has been treated as a write operation to the
51	  receiving process. If this option is selected, the delivery
52	  will be an append operation instead. This makes it possible
53	  to differentiate between delivering a network packet and
54	  delivering a signal in the Smack rules.
55	  If you are unsure how to answer this question, answer N.