TOMOYO Linux Cross Reference
Linux/security/ccsecurity/Kconfig

Diff markup

Differences between /security/ccsecurity/Kconfig (Version linux-6.12-rc7) and /security/ccsecurity/Kconfig (Version policy-sample)


config CCSECURITY
        bool "CCSecurity support"
        default y
        help
          Say Y here to support non-LSM versio
          https://tomoyo.sourceforge.net/

config CCSECURITY_LKM
        bool "Compile as loadable kernel modul
        default n
        depends on CCSECURITY && MODULES
        help
          This version of TOMOYO depends on pa
          to insert some hooks which LSM does
          recompiling the kernel is inevitable
          vmlinux's size as small as possible,
          TOMOYO as a loadable kernel module b

config CCSECURITY_DISABLE_BY_DEFAULT
        bool "Disable by default"
        default n
        depends on CCSECURITY
        help
          Say Y here if you want TOMOYO disabl
          To enable TOMOYO, pass ccsecurity=on
          To disable TOMOYO, pass ccsecurity=o

config CCSECURITY_USE_EXTERNAL_TASK_SECURITY
        bool "Do not modify 'struct task_struc
        default n
        depends on CCSECURITY
        help
          Say Y here if you want to keep KABI
          unchanged. TOMOYO needs "struct ccs_
          "struct task_struct". But embedding
          "struct task_struct" breaks KABI for
          means that you will need to rebuild
          If you say Y here, these variables a
          "struct task_struct" rather than emb
          but accessing these variables become
          is performed every time the current

config CCSECURITY_MAX_ACCEPT_ENTRY
        int "Default maximal count for learnin
        default 2048
        range 0 2147483647
        depends on CCSECURITY
        help
          This is the default value for maxima
          that are automatically appended into
          Some programs access thousands of ob
          such programs in "learning mode" dul
          and consumes much memory.
          This is the safeguard for such progr

config CCSECURITY_MAX_AUDIT_LOG
        int "Default maximal count for audit l
        default 1024
        range 0 2147483647
        depends on CCSECURITY
        help
          This is the default value for maxima
          audit logs that the kernel can hold
          You can read the log via /proc/ccs/a
          If you don't need audit logs, you ma

config CCSECURITY_OMIT_USERSPACE_LOADER
        bool "Activate without calling userspa
        default n
        depends on CCSECURITY
        help
          Say Y here if you want to activate a
          policy was loaded. This option will
          operations which can lead to the hij
          needed before loading the policy. Fo
          immediately after loading the fixed
          only operations needed for mounting
          variant part of policy and verifying
          loading the variant part of policy.
          enforcing mode from the beginning, y
          hijacking the boot sequence.

          If you say Y to both "Compile as loa
          "Activate without calling userspace
          to explicitly load the kernel modul
          the kernel will not call /sbin/ccs-i

config CCSECURITY_POLICY_LOADER
        string "Location of userspace policy l
        default "/sbin/ccs-init"
        depends on CCSECURITY
        depends on !CCSECURITY_OMIT_USERSPACE_
        help
          This is the default pathname of poli
          activation. You can override this se
          command line option.

config CCSECURITY_ACTIVATION_TRIGGER
        string "Trigger for calling userspace
        default "/sbin/init"
        depends on CCSECURITY
        depends on !CCSECURITY_OMIT_USERSPACE_
        help
          This is the default pathname of acti
          You can override this setting via CC
          option. For example, if you pass ini
          want to also pass CCS_trigger=/bin/s

          Say Y here if you want to enable onl
          to reduce object file size.

config CCSECURITY_FILE_READDIR
        bool "Enable readdir operation restric
        default y
        depends on CCSECURITY
        help
          Say Y here if you want to enable ana
          directories for reading. Reading dir
          requested operation and damage cause
          might be acceptable for you.

config CCSECURITY_FILE_GETATTR
        bool "Enable getattr operation restric
        default y
        depends on CCSECURITY
        help
          Say Y here if you want to enable ana
          information of files. Getting file's
          requested operation and damage cause
          might be acceptable for you.

config CCSECURITY_NETWORK
        bool "Enable socket operation restrict
        default y
        depends on NET
        depends on CCSECURITY
        help
          Say Y here if you want to enable ana
          UNIX domain socket's operations.

config CCSECURITY_CAPABILITY
        bool "Enable non-POSIX capability oper
        default y
        depends on CCSECURITY
        help
          Say Y here if you want to enable ana
          capabilities.

config CCSECURITY_IPC
        bool "Enable IPC operation restriction
        default y
        depends on CCSECURITY
        help
          Say Y here if you want to enable ana
          signals.

config CCSECURITY_MISC
        bool "Enable environment variable name
        default y
        depends on CCSECURITY
        help
          Say Y here if you want to enable ana
          variable names passed upon program e

config CCSECURITY_TASK_EXECUTE_HANDLER
        bool "Enable execute handler functiona
        default y
        depends on CCSECURITY
        help
          Say Y here if you want to enable exe

config CCSECURITY_TASK_DOMAIN_TRANSITION
        bool "Enable domain transition without
        default y
        depends on CCSECURITY
        help
          Say Y here if you want to enable dom
          program execution request.

config CCSECURITY_PORTRESERVE
       bool "Enable local port reserver."
       default y
       depends on NET
       depends on CCSECURITY
       help
         Say Y here if you want to implement
         /proc/sys/net/ipv4/ip_local_reserved_

config CCSECURITY_NETWORK_RECVMSG
        def_bool CCSECURITY_NETWORK
