config SECURITY_CHROMIUMOS
	bool "Chromium OS Security Module"
	depends on SECURITY
	help
	  The purpose of the Chromium OS security module is to reduce attacking
	  surface by preventing access to general purpose access modes not
	  required by Chromium OS. Currently: the mount operation is
	  restricted by requiring a mount point path without symbolic links,
	  and loading modules is limited to only the root filesystem.

config SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM
	bool "Force /proc/<pid>/mem paths to be read-only"
	default y
	help
	  When enabled, attempts to open /proc/self/mem for write access
	  will always fail.  Write access to this file allows bypassing
	  of memory map permissions (such as modifying read-only code).