config CCSECURITY
	bool "CCSecurity support"
	default y
	help
	  Say Y here to support non-LSM versio
	  https://tomoyo.sourceforge.net/

config CCSECURITY_LKM
	bool "Compile as loadable kernel modul
	default n
	depends on CCSECURITY && MODULES
	help
	  This version of TOMOYO depends on pa
	  to insert some hooks which LSM does
	  recompiling the kernel is inevitable
	  vmlinux's size as small as possible,
	  TOMOYO as a loadable kernel module b

config CCSECURITY_DISABLE_BY_DEFAULT
	bool "Disable by default"
	default n
	depends on CCSECURITY
	help
	  Say Y here if you want TOMOYO disabl
	  To enable TOMOYO, pass ccsecurity=on
	  To disable TOMOYO, pass ccsecurity=o

config CCSECURITY_USE_EXTERNAL_TASK_SECURITY
	bool "Do not modify 'struct task_struc
	default n
	depends on CCSECURITY
	help
	  Say Y here if you want to keep KABI
	  unchanged. TOMOYO needs "struct ccs_
	  "struct task_struct". But embedding
	  "struct task_struct" breaks KABI for
	  means that you will need to rebuild
	  If you say Y here, these variables a
	  "struct task_struct" rather than emb
	  but accessing these variables become
	  is performed every time the current

config CCSECURITY_MAX_ACCEPT_ENTRY
	int "Default maximal count for learnin
	default 2048
	range 0 2147483647
	depends on CCSECURITY
	help
	  This is the default value for maxima
	  that are automatically appended into
	  Some programs access thousands of ob
	  such programs in "learning mode" dul
	  and consumes much memory.
	  This is the safeguard for such progr

config CCSECURITY_MAX_AUDIT_LOG
	int "Default maximal count for audit l
	default 1024
	range 0 2147483647
	depends on CCSECURITY
	help
	  This is the default value for maxima
	  audit logs that the kernel can hold
	  You can read the log via /proc/ccs/a
	  If you don't need audit logs, you ma

config CCSECURITY_OMIT_USERSPACE_LOADER
	bool "Activate without calling userspa
	default n
	depends on CCSECURITY
	help
	  Say Y here if you want to activate a
	  policy was loaded. This option will
	  operations which can lead to the hij
	  needed before loading the policy. Fo
	  immediately after loading the fixed
	  only operations needed for mounting
	  variant part of policy and verifying
	  loading the variant part of policy.
	  enforcing mode from the beginning, y
	  hijacking the boot sequence.

	  If you say Y to both "Compile as loa
	  "Activate without calling userspace
	  to explicitly load the kernel modul
	  the kernel will not call /sbin/ccs-i

config CCSECURITY_POLICY_LOADER
	string "Location of userspace policy l
	default "/sbin/ccs-init"
	depends on CCSECURITY
	depends on !CCSECURITY_OMIT_USERSPACE_
	help
	  This is the default pathname of poli
	  activation. You can override this se
	  command line option.

config CCSECURITY_ACTIVATION_TRIGGER
	string "Trigger for calling userspace
	default "/sbin/init"
	depends on CCSECURITY
	depends on !CCSECURITY_OMIT_USERSPACE_
	help
	  This is the default pathname of acti
	  You can override this setting via CC
	  option. For example, if you pass ini
	  want to also pass CCS_trigger=/bin/s

	  Say Y here if you want to enable onl
	  to reduce object file size.

config CCSECURITY_FILE_READDIR
	bool "Enable readdir operation restric
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable ana
	  directories for reading. Reading dir
	  requested operation and damage cause
	  might be acceptable for you.

config CCSECURITY_FILE_GETATTR
	bool "Enable getattr operation restric
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable ana
	  information of files. Getting file's
	  requested operation and damage cause
	  might be acceptable for you.

config CCSECURITY_NETWORK
	bool "Enable socket operation restrict
	default y
	depends on NET
	depends on CCSECURITY
	help
	  Say Y here if you want to enable ana
	  UNIX domain socket's operations.

config CCSECURITY_CAPABILITY
	bool "Enable non-POSIX capability oper
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable ana
	  capabilities.

config CCSECURITY_IPC
	bool "Enable IPC operation restriction
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable ana
	  signals.

config CCSECURITY_MISC
	bool "Enable environment variable name
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable ana
	  variable names passed upon program e

config CCSECURITY_TASK_EXECUTE_HANDLER
	bool "Enable execute handler functiona
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable exe

config CCSECURITY_TASK_DOMAIN_TRANSITION
	bool "Enable domain transition without
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable dom
	  program execution request.

config CCSECURITY_PORTRESERVE
	bool "Enable local port reserver."
	default y
	depends on NET
	depends on CCSECURITY
	help
	  Say Y here if you want to implement
	  /proc/sys/net/ipv4/ip_local_reserved_

config CCSECURITY_NETWORK_RECVMSG
	def_bool CCSECURITY_NETWORK
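The loader and trigger options above only take effect through the boot sequence: the policy loader runs when the trigger program is executed, ccsecurity=on|off switches TOMOYO for one boot, and an init= that points somewhere other than the trigger means the loader is never called unless CCS_trigger= is moved with it. The script below is an added example, not part of the TOMOYO Kconfig or the TOMOYO project. It reads a constructed .config fragment plus a kernel command line and prints the effective state, loader, trigger and whether the trigger still matches init. It assumes CCS_loader= as the command line override for CONFIG_CCSECURITY_POLICY_LOADER (this page names only CCS_trigger=), and /sbin/init as the kernel's fallback when init= is absent.

```shell
#!/bin/sh
# Added example (not TOMOYO project code): work out, from a kernel .config
# fragment and a kernel command line, what the CCSecurity options will do at
# boot. Assumptions: CCS_loader= is the override for
# CONFIG_CCSECURITY_POLICY_LOADER (only CCS_trigger= is named on this page),
# and /sbin/init is the kernel's fallback when no init= is given.

# kconfig_value FILE SYMBOL: print SYMBOL's value with surrounding quotes
# stripped, or nothing if the symbol is not set in FILE.
kconfig_value() {
    sed -n "s/^$2=//p" "$1" | sed 's/^"\(.*\)"$/\1/'
}

# cmdline_value "CMDLINE" KEY: print the value of KEY=value on the command
# line (last occurrence wins in this script), or nothing if KEY is absent.
cmdline_value() {
    _val=
    for _word in $1; do
        case "$_word" in
            "$2"=*) _val=${_word#*=} ;;
        esac
    done
    printf '%s' "$_val"
}

# ccs_effective FILE "CMDLINE": one line of key=value pairs describing the
# effective TOMOYO state, policy loader, activation trigger and init program.
ccs_effective() {
    _cfg=$1; _cmd=$2
    if [ "$(kconfig_value "$_cfg" CONFIG_CCSECURITY)" != y ]; then
        printf 'state=not-built\n'
        return 0
    fi
    # ccsecurity=on|off on the command line overrides DISABLE_BY_DEFAULT.
    _state=$(cmdline_value "$_cmd" ccsecurity)
    if [ -z "$_state" ]; then
        if [ "$(kconfig_value "$_cfg" CONFIG_CCSECURITY_DISABLE_BY_DEFAULT)" = y ]; then
            _state=off
        else
            _state=on
        fi
    fi
    # With OMIT_USERSPACE_LOADER the kernel calls no loader at all; otherwise
    # the command line overrides the Kconfig defaults for loader and trigger.
    if [ "$(kconfig_value "$_cfg" CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER)" = y ]; then
        _loader=none
        _trigger=none
    else
        _loader=$(cmdline_value "$_cmd" CCS_loader)
        [ -n "$_loader" ] || _loader=$(kconfig_value "$_cfg" CONFIG_CCSECURITY_POLICY_LOADER)
        _trigger=$(cmdline_value "$_cmd" CCS_trigger)
        [ -n "$_trigger" ] || _trigger=$(kconfig_value "$_cfg" CONFIG_CCSECURITY_ACTIVATION_TRIGGER)
    fi
    _init=$(cmdline_value "$_cmd" init)
    [ -n "$_init" ] || _init=/sbin/init          # assumed kernel fallback
    # The loader only runs when the trigger program is executed: init= moved
    # without CCS_trigger= means the policy is never loaded.
    if [ "$_trigger" = none ] || [ "$_trigger" = "$_init" ]; then
        _warn=no
    else
        _warn=yes
    fi
    printf 'state=%s loader=%s trigger=%s init=%s loader_never_runs=%s\n' \
        "$_state" "$_loader" "$_trigger" "$_init" "$_warn"
}

# Constructed sample .config fragment (not taken from a real build).
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat >"$SAMPLE_CONFIG" <<'EOF'
CONFIG_CCSECURITY=y
# CONFIG_CCSECURITY_LKM is not set
# CONFIG_CCSECURITY_DISABLE_BY_DEFAULT is not set
# CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER is not set
CONFIG_CCSECURITY_POLICY_LOADER="/sbin/ccs-init"
CONFIG_CCSECURITY_ACTIVATION_TRIGGER="/sbin/init"
EOF

# Default boot: loader and trigger come straight from Kconfig.
ccs_effective "$SAMPLE_CONFIG" "root=/dev/sda1 ro quiet"
# init= changed but CCS_trigger= not: the loader would never be called.
ccs_effective "$SAMPLE_CONFIG" "root=/dev/sda1 init=/lib/systemd/systemd"
# Trigger moved with init, and TOMOYO switched off for this boot.
ccs_effective "$SAMPLE_CONFIG" "init=/lib/systemd/systemd CCS_trigger=/lib/systemd/systemd ccsecurity=off"
```

Run it against a real system with `ccs_effective /boot/config-$(uname -r) "$(cat /proc/cmdline)"`; a `loader_never_runs=yes` result is the misconfiguration the CCSECURITY_ACTIVATION_TRIGGER help text warns about.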
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.