1 # SPDX-License-Identifier: GPL-2.0-only 1 # SPDX-License-Identifier: GPL-2.0-only 2 2 3 config SECURITY_LANDLOCK 3 config SECURITY_LANDLOCK 4 bool "Landlock support" 4 bool "Landlock support" 5 depends on SECURITY !! 5 depends on SECURITY && !ARCH_EPHEMERAL_INODES 6 select SECURITY_NETWORK << 7 select SECURITY_PATH 6 select SECURITY_PATH 8 help 7 help 9 Landlock is a sandboxing mechanism t 8 Landlock is a sandboxing mechanism that enables processes to restrict 10 themselves (and their future childre 9 themselves (and their future children) by gradually enforcing 11 tailored access control policies. A 10 tailored access control policies. A Landlock security policy is a 12 set of access rights (e.g. open a fi 11 set of access rights (e.g. open a file in read-only, make a 13 directory, etc.) tied to a file hier 12 directory, etc.) tied to a file hierarchy. Such policy can be 14 configured and enforced by any proce 13 configured and enforced by any processes for themselves using the 15 dedicated system calls: landlock_cre 14 dedicated system calls: landlock_create_ruleset(), 16 landlock_add_rule(), and landlock_re 15 landlock_add_rule(), and landlock_restrict_self(). 17 16 18 See Documentation/userspace-api/land 17 See Documentation/userspace-api/landlock.rst for further information. 19 18 20 If you are unsure how to answer this 19 If you are unsure how to answer this question, answer N. Otherwise, 21 you should also prepend "landlock," 20 you should also prepend "landlock," to the content of CONFIG_LSM to 22 enable Landlock at boot time. 21 enable Landlock at boot time. 23 << 24 config SECURITY_LANDLOCK_KUNIT_TEST << 25 bool "KUnit tests for Landlock" if !KU << 26 depends on KUNIT=y << 27 depends on SECURITY_LANDLOCK << 28 default KUNIT_ALL_TESTS << 29 help << 30 Build KUnit tests for Landlock. 
<< 31 << 32 See the KUnit documentation in Docum << 33 << 34 Run all KUnit tests for Landlock wit << 35 ./tools/testing/kunit/kunit.py run - << 36 << 37 If you are unsure how to answer this <<
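Review bot: the help text under SECURITY_LANDLOCK, which matches in both columns as far as the truncated left column shows, still describes a Landlock policy only as access rights "tied to a file hierarchy", yet the left-hand column adds `select SECURITY_NETWORK` next to `select SECURITY_PATH`. Enabling Landlock on that side therefore also selects the network security option without the help text telling the person configuring the kernel why; a sentence in the help saying what the network selection is for would close that gap. On the `depends on` line the columns also differ by `&& !ARCH_EPHEMERAL_INODES`, and nothing visible here records why that restriction is present on one side and absent on the other, so the reason belongs in the change description.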