~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/lockdown/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/lockdown/Kconfig (Version linux-6.12-rc7) and /security/lockdown/Kconfig (Version linux-5.8.18)

  1 config SECURITY_LOCKDOWN_LSM                        1 config SECURITY_LOCKDOWN_LSM
  2         bool "Basic module for enforcing kerne      2         bool "Basic module for enforcing kernel lockdown"
  3         depends on SECURITY                         3         depends on SECURITY
  4         select MODULE_SIG if MODULES                4         select MODULE_SIG if MODULES
  5         help                                        5         help
  6           Build support for an LSM that enforc      6           Build support for an LSM that enforces a coarse kernel lockdown
  7           behaviour.                                7           behaviour.
  8                                                     8 
  9 config SECURITY_LOCKDOWN_LSM_EARLY                  9 config SECURITY_LOCKDOWN_LSM_EARLY
 10         bool "Enable lockdown LSM early in ini     10         bool "Enable lockdown LSM early in init"
 11         depends on SECURITY_LOCKDOWN_LSM           11         depends on SECURITY_LOCKDOWN_LSM
 12         help                                       12         help
 13           Enable the lockdown LSM early in boo     13           Enable the lockdown LSM early in boot. This is necessary in order
 14           to ensure that lockdown enforcement      14           to ensure that lockdown enforcement can be carried out on kernel
 15           boot parameters that are otherwise p     15           boot parameters that are otherwise parsed before the security
 16           subsystem is fully initialised. If e     16           subsystem is fully initialised. If enabled, lockdown will
 17           unconditionally be called before any     17           unconditionally be called before any other LSMs.
 18                                                    18 
 19 choice                                             19 choice
 20         prompt "Kernel default lockdown mode"      20         prompt "Kernel default lockdown mode"
 21         default LOCK_DOWN_KERNEL_FORCE_NONE        21         default LOCK_DOWN_KERNEL_FORCE_NONE
 22         depends on SECURITY_LOCKDOWN_LSM           22         depends on SECURITY_LOCKDOWN_LSM
 23         help                                       23         help
 24           The kernel can be configured to defa     24           The kernel can be configured to default to differing levels of
 25           lockdown.                                25           lockdown.
 26                                                    26 
 27 config LOCK_DOWN_KERNEL_FORCE_NONE                 27 config LOCK_DOWN_KERNEL_FORCE_NONE
 28         bool "None"                                28         bool "None"
 29         help                                       29         help
 30           No lockdown functionality is enabled     30           No lockdown functionality is enabled by default. Lockdown may be
 31           enabled via the kernel commandline o     31           enabled via the kernel commandline or /sys/kernel/security/lockdown.
 32                                                    32 
 33 config LOCK_DOWN_KERNEL_FORCE_INTEGRITY            33 config LOCK_DOWN_KERNEL_FORCE_INTEGRITY
 34         bool "Integrity"                           34         bool "Integrity"
 35         help                                       35         help
 36          The kernel runs in integrity mode by      36          The kernel runs in integrity mode by default. Features that allow
 37          the kernel to be modified at runtime      37          the kernel to be modified at runtime are disabled.
 38                                                    38 
 39 config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY      39 config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY
 40         bool "Confidentiality"                     40         bool "Confidentiality"
 41         help                                       41         help
 42          The kernel runs in confidentiality mo     42          The kernel runs in confidentiality mode by default. Features that
 43          allow the kernel to be modified at ru     43          allow the kernel to be modified at runtime or that permit userland
 44          code to read confidential material he     44          code to read confidential material held inside the kernel are
 45          disabled.                                 45          disabled.
 46                                                    46 
 47 endchoice                                          47 endchoice
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php