config SECURITY_CHROMIUMOS
	bool "Chromium OS Security Module"
	depends on SECURITY
	help
	  The purpose of the Chromium OS security module is to reduce attacking
	  surface by preventing access to general purpose access modes not
	  required by Chromium OS. Currently: the mount operation is
	  restricted by requiring a mount point path without symbolic links,
	  and loading modules is limited to only the root filesystem.

config SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM
	bool "Force /proc/<pid>/mem paths to be read-only"
	default y
	help
	  When enabled, attempts to open /proc/self/mem for write access
	  will always fail. Write access to this file allows bypassing
	  of memory map permissions (such as modifying read-only code).