# SPDX-License-Identifier: GPL-2.0-only
# Smack LSM (Simplified Mandatory Access Control Kernel).
# Offered only when NET, INET and SECURITY are all enabled. The two
# `select` lines force NETLABEL and SECURITY_NETWORK on whenever this
# symbol is set.
# NOTE(review): this symbol only builds Smack into the kernel; which
# security modules are actually active at boot is decided outside this
# file - confirm for the target configuration.
config SECURITY_SMACK
	bool "Simplified Mandatory Access Control Kernel Support"
	depends on NET && INET && SECURITY
	select SECURITY_NETWORK
	select NETLABEL
	default n
	help
	  This selects the Simplified Mandatory Access Control Kernel.
	  Smack is useful for sensitivity, integrity, and a variety
	  of other mandatory security schemes.
	  If you are unsure how to answer this question, answer N.
# Policy-development aid: rules that carry the "b" mode produce a message
# for each access they grant, so an over-broad rule set can be narrowed.
# Requires SECURITY_SMACK; off by default.
# NOTE(review): the Smack admin documentation also ties the smackfs
# "unconfined" interface to this option and states that it should never be
# used in production - confirm against the kernel tree before enabling this
# in a release configuration.
config SECURITY_SMACK_BRINGUP
	bool "Reporting on access granted by Smack rules"
	depends on SECURITY_SMACK
	default n
	help
	  Enable the bring-up ("b") access mode in Smack rules.
	  When access is granted by a rule with the "b" mode a
	  message about the access requested is generated. The
	  intention is that a process can be granted a wide set
	  of access initially with the bringup mode set on the
	  rules. The developer can use the information to
	  identify which rules are necessary and what accesses
	  may be inappropriate. The developer can reduce the
	  access rule set once the behavior is well understood.
	  This is a superior mechanism to the oft abused
	  "permissive" mode of other systems.
	  If you are unsure how to answer this question, answer N.
# Optional marking of network packets with Smack labels through netfilter
# secmarks. Only offered when SECURITY_SMACK, NETWORK_SECMARK and NETFILTER
# are all enabled; off by default.
config SECURITY_SMACK_NETFILTER
	bool "Packet marking using secmarks for netfilter"
	depends on SECURITY_SMACK && NETWORK_SECMARK && NETFILTER
	default n
	help
	  This enables security marking of network packets using
	  Smack labels.
	  If you are unsure how to answer this question, answer N.
# Switches the access mode checked for signal delivery from write to
# append, so rules can tell signals apart from network packet delivery.
# Requires SECURITY_SMACK; off by default.
# NOTE(review): toggling this changes which rule mode governs signal
# delivery, so an existing rule set should be re-checked against the
# setting the kernel is built with.
config SECURITY_SMACK_APPEND_SIGNALS
	bool "Treat delivering signals as an append operation"
	depends on SECURITY_SMACK
	default n
	help
	  Sending a signal has been treated as a write operation to the
	  receiving process. If this option is selected, the delivery
	  will be an append operation instead. This makes it possible
	  to differentiate between delivering a network packet and
	  delivering a signal in the Smack rules.
	  If you are unsure how to answer this question, answer N.