Home Explore Help
Register Sign In
RD_Software
/
ark1668ed-bsp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: fc47107f95
Branches Tags
ark1668ed-bsp
/
linux
/
security
/
smack
/
Kconfig

Kconfig 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. # SPDX-License-Identifier: GPL-2.0-only
    2. 

  2. config SECURITY_SMACK
    3. 

  3. 	bool "Simplified Mandatory Access Control Kernel Support"
    4. 

  4. 	depends on NET
    5. 

  5. 	depends on INET
    6. 

  6. 	depends on SECURITY
    7. 

  7. 	select NETLABEL
    8. 

  8. 	select SECURITY_NETWORK
    9. 

  9. 	default n
    10. 

  10. 	help
    11. 

  11. 	  This selects the Simplified Mandatory Access Control Kernel.
    12. 

  12. 	  Smack is useful for sensitivity, integrity, and a variety
    13. 

  13. 	  of other mandatory security schemes.
    14. 

  14. 	  If you are unsure how to answer this question, answer N.
    15. 

  15. 

  16. config SECURITY_SMACK_BRINGUP
    17. 

  17. 	bool "Reporting on access granted by Smack rules"
    18. 

  18. 	depends on SECURITY_SMACK
    19. 

  19. 	default n
    20. 

  20. 	help
    21. 

  21. 	  Enable the bring-up ("b") access mode in Smack rules.
    22. 

  22. 	  When access is granted by a rule with the "b" mode a
    23. 

  23. 	  message about the access requested is generated. The
    24. 

  24. 	  intention is that a process can be granted a wide set
    25. 

  25. 	  of access initially with the bringup mode set on the
    26. 

  26. 	  rules. The developer can use the information to
    27. 

  27. 	  identify which rules are necessary and what accesses
    28. 

  28. 	  may be inappropriate. The developer can reduce the
    29. 

  29. 	  access rule set once the behavior is well understood.
    30. 

  30. 	  This is a superior mechanism to the oft abused
    31. 

  31. 	  "permissive" mode of other systems.
    32. 

  32. 	  If you are unsure how to answer this question, answer N.
    33. 

  33. 

  34. config SECURITY_SMACK_NETFILTER
    35. 

  35. 	bool "Packet marking using secmarks for netfilter"
    36. 

  36. 	depends on SECURITY_SMACK
    37. 

  37. 	depends on NETWORK_SECMARK
    38. 

  38. 	depends on NETFILTER
    39. 

  39. 	default n
    40. 

  40. 	help
    41. 

  41. 	  This enables security marking of network packets using
    42. 

  42. 	  Smack labels.
    43. 

  43. 	  If you are unsure how to answer this question, answer N.
    44. 

  44. 

  45. config SECURITY_SMACK_APPEND_SIGNALS
    46. 

  46. 	bool "Treat delivering signals as an append operation"
    47. 

  47. 	depends on SECURITY_SMACK
    48. 

  48. 	default n
    49. 

  49. 	help
    50. 

  50. 	  Sending a signal has been treated as a write operation to the
    51. 

  51. 	  receiving process. If this option is selected, the delivery
    52. 

  52. 	  will be an append operation instead. This makes it possible
    53. 

  53. 	  to differentiate between delivering a network packet and
    54. 

  54. 	  delivering a signal in the Smack rules.
    55. 

  55. 	  If you are unsure how to answer this question, answer N.
    56.