~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/ccsecurity/Config.in

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/ccsecurity/Config.in (Version linux-6.12-rc7) and /security/ccsecurity/Config.in (Version linux-4.4.302)

  1 #                                                   1 #
  2 # Mandatory Access Control configuration            2 # Mandatory Access Control configuration
  3 #                                                   3 #
  4 mainmenu_option next_comment                        4 mainmenu_option next_comment
  5 comment 'Security options'                          5 comment 'Security options'
  6                                                     6 
  7 [ -z "$CONFIG_CCSECURITY" ] && define_bool CON      7 [ -z "$CONFIG_CCSECURITY" ] && define_bool CONFIG_CCSECURITY y
  8 bool 'CCSecurity support' CONFIG_CCSECURITY         8 bool 'CCSecurity support' CONFIG_CCSECURITY
  9                                                     9 
 10 if [ "$CONFIG_CCSECURITY" = "y" ]; then            10 if [ "$CONFIG_CCSECURITY" = "y" ]; then
 11                                                    11 
 12   [ -z "$CONFIG_CCSECURITY_LKM" ] && define_bo     12   [ -z "$CONFIG_CCSECURITY_LKM" ] && define_bool CONFIG_CCSECURITY_LKM n
 13   bool 'Compile as loadable kernel module' CON     13   bool 'Compile as loadable kernel module' CONFIG_CCSECURITY_LKM
 14                                                    14 
 15   [ -z "$CONFIG_CCSECURITY_DISABLE_BY_DEFAULT"     15   [ -z "$CONFIG_CCSECURITY_DISABLE_BY_DEFAULT" ] && define_bool CONFIG_CCSECURITY_DISABLE_BY_DEFAULT n
 16   bool 'Disable by default' CONFIG_CCSECURITY_     16   bool 'Disable by default' CONFIG_CCSECURITY_DISABLE_BY_DEFAULT
 17                                                    17 
 18   [ -z "$CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY" ]     18   [ -z "$CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY" ] && define_int CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY 2048
 19   [ $CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY -lt 0      19   [ $CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY -lt 0 ] && define_int CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY 0
 20   int  'Default maximal count for learning mod     20   int  'Default maximal count for learning mode' CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY
 21                                                    21 
 22   [ -z "$CONFIG_CCSECURITY_MAX_AUDIT_LOG" ] &&     22   [ -z "$CONFIG_CCSECURITY_MAX_AUDIT_LOG" ] && define_int CONFIG_CCSECURITY_MAX_AUDIT_LOG 1024
 23   [ $CONFIG_CCSECURITY_MAX_AUDIT_LOG -lt 0 ] &     23   [ $CONFIG_CCSECURITY_MAX_AUDIT_LOG -lt 0 ] && define_int CONFIG_CCSECURITY_MAX_AUDIT_LOG 0
 24   int  'Default maximal count for audit log' C     24   int  'Default maximal count for audit log' CONFIG_CCSECURITY_MAX_AUDIT_LOG
 25                                                    25 
 26   [ -z "$CONFIG_CCSECURITY_OMIT_USERSPACE_LOAD     26   [ -z "$CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER" ] && define_bool CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER n
 27   bool 'Activate without calling userspace pol     27   bool 'Activate without calling userspace policy loader.' CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER
 28                                                    28 
 29   if [ "$CONFIG_CCSECURITY_OMIT_USERSPACE_LOAD     29   if [ "$CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER" = "n" ]; then
 30                                                    30 
 31     define_string CONFIG_CCSECURITY_POLICY_LOA     31     define_string CONFIG_CCSECURITY_POLICY_LOADER "/sbin/ccs-init"
 32     string 'Location of userspace policy loade     32     string 'Location of userspace policy loader' CONFIG_CCSECURITY_POLICY_LOADER "/sbin/ccs-init"
 33                                                    33 
 34     define_string CONFIG_CCSECURITY_ACTIVATION     34     define_string CONFIG_CCSECURITY_ACTIVATION_TRIGGER "/sbin/init"
 35     string 'Trigger for calling userspace poli     35     string 'Trigger for calling userspace policy loader' CONFIG_CCSECURITY_ACTIVATION_TRIGGER "/sbin/init"
 36                                                    36 
 37   fi                                               37   fi
 38                                                    38 
 39   [ -z "$CONFIG_CCSECURITY_FILE_READDIR" ] &&      39   [ -z "$CONFIG_CCSECURITY_FILE_READDIR" ] && define_bool CONFIG_CCSECURITY_FILE_READDIR y
 40   bool "Enable readdir operation restriction."     40   bool "Enable readdir operation restriction." CONFIG_CCSECURITY_FILE_READDIR
 41                                                    41 
 42   [ -z "$CONFIG_CCSECURITY_FILE_GETATTR" ] &&      42   [ -z "$CONFIG_CCSECURITY_FILE_GETATTR" ] && define_bool CONFIG_CCSECURITY_FILE_GETATTR y
 43   bool "Enable getattr operation restriction."     43   bool "Enable getattr operation restriction." CONFIG_CCSECURITY_FILE_GETATTR
 44                                                    44 
 45   if [ "$CONFIG_NET" = "y" ]; then                 45   if [ "$CONFIG_NET" = "y" ]; then
 46                                                    46 
 47      [ -z "$CONFIG_CCSECURITY_NETWORK" ] && de     47      [ -z "$CONFIG_CCSECURITY_NETWORK" ] && define_bool CONFIG_CCSECURITY_NETWORK y
 48      bool "Enable socket operation restriction     48      bool "Enable socket operation restriction." CONFIG_CCSECURITY_NETWORK
 49                                                    49 
 50      if [ "$CONFIG_CCSECURITY_NETWORK" = "y" ]     50      if [ "$CONFIG_CCSECURITY_NETWORK" = "y" ]; then
 51                                                    51 
 52         #[ -z "$CONFIG_CCSECURITY_NETWORK_RECV     52         #[ -z "$CONFIG_CCSECURITY_NETWORK_RECVMSG" ] &&
 53         define_bool CONFIG_CCSECURITY_NETWORK_     53         define_bool CONFIG_CCSECURITY_NETWORK_RECVMSG y
 54                                                    54 
 55      fi                                            55      fi
 56                                                    56 
 57   fi                                               57   fi
 58                                                    58 
 59   [ -z "$CONFIG_CCSECURITY_CAPABILITY" ] && de     59   [ -z "$CONFIG_CCSECURITY_CAPABILITY" ] && define_bool CONFIG_CCSECURITY_CAPABILITY y
 60   bool "Enable non-POSIX capability operation      60   bool "Enable non-POSIX capability operation restriction." CONFIG_CCSECURITY_CAPABILITY
 61                                                    61 
 62   [ -z "$CONFIG_CCSECURITY_IPC" ] && define_bo     62   [ -z "$CONFIG_CCSECURITY_IPC" ] && define_bool CONFIG_CCSECURITY_IPC y
 63   bool "Enable IPC operation restriction." CON     63   bool "Enable IPC operation restriction." CONFIG_CCSECURITY_IPC
 64                                                    64 
 65   [ -z "$CONFIG_CCSECURITY_MISC" ] && define_b     65   [ -z "$CONFIG_CCSECURITY_MISC" ] && define_bool CONFIG_CCSECURITY_MISC y
 66   bool "Enable environment variable names rest     66   bool "Enable environment variable names restriction." CONFIG_CCSECURITY_MISC
 67                                                    67 
 68   [ -z "$CONFIG_CCSECURITY_TASK_EXECUTE_HANDLE     68   [ -z "$CONFIG_CCSECURITY_TASK_EXECUTE_HANDLER" ] && define_bool CONFIG_CCSECURITY_TASK_EXECUTE_HANDLER y
 69   bool "Enable execute handler functionality."     69   bool "Enable execute handler functionality." CONFIG_CCSECURITY_TASK_EXECUTE_HANDLER
 70                                                    70 
 71   [ -z "$CONFIG_CCSECURITY_TASK_DOMAIN_TRANSIT     71   [ -z "$CONFIG_CCSECURITY_TASK_DOMAIN_TRANSITION" ] && define_bool CONFIG_CCSECURITY_TASK_DOMAIN_TRANSITION y
 72   bool "Enable domain transition without progr     72   bool "Enable domain transition without program execution request." CONFIG_CCSECURITY_TASK_DOMAIN_TRANSITION
 73                                                    73 
 74   if [ "$CONFIG_NET" = "y" ]; then                 74   if [ "$CONFIG_NET" = "y" ]; then
 75                                                    75 
 76      [ -z "$CONFIG_CCSECURITY_PORTRESERVE" ] &     76      [ -z "$CONFIG_CCSECURITY_PORTRESERVE" ] && define_bool CONFIG_CCSECURITY_PORTRESERVE y
 77      bool "Enable local port reserver." CONFIG     77      bool "Enable local port reserver." CONFIG_CCSECURITY_PORTRESERVE
 78                                                    78 
 79   fi                                               79   fi
 80                                                    80 
 81 fi                                                 81 fi
 82                                                    82 
 83 endmenu                                            83 endmenu
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php