~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/smack/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/smack/Kconfig (Version linux-6.12-rc7) and /security/smack/Kconfig (Version linux-6.11.7)


  1 # SPDX-License-Identifier: GPL-2.0-only             1 # SPDX-License-Identifier: GPL-2.0-only
  2 config SECURITY_SMACK                               2 config SECURITY_SMACK
  3         bool "Simplified Mandatory Access Cont      3         bool "Simplified Mandatory Access Control Kernel Support"
  4         depends on NET                              4         depends on NET
  5         depends on INET                             5         depends on INET
  6         depends on SECURITY                         6         depends on SECURITY
  7         select NETLABEL                             7         select NETLABEL
  8         select SECURITY_NETWORK                     8         select SECURITY_NETWORK
  9         default n                                   9         default n
 10         help                                       10         help
 11           This selects the Simplified Mandator     11           This selects the Simplified Mandatory Access Control Kernel.
 12           Smack is useful for sensitivity, int     12           Smack is useful for sensitivity, integrity, and a variety
 13           of other mandatory security schemes.     13           of other mandatory security schemes.
 14           If you are unsure how to answer this     14           If you are unsure how to answer this question, answer N.
 15                                                    15 
 16 config SECURITY_SMACK_BRINGUP                      16 config SECURITY_SMACK_BRINGUP
 17         bool "Reporting on access granted by S     17         bool "Reporting on access granted by Smack rules"
 18         depends on SECURITY_SMACK                  18         depends on SECURITY_SMACK
 19         default n                                  19         default n
 20         help                                       20         help
 21           Enable the bring-up ("b") access mod     21           Enable the bring-up ("b") access mode in Smack rules.
 22           When access is granted by a rule wit     22           When access is granted by a rule with the "b" mode a
 23           message about the access requested i     23           message about the access requested is generated. The
 24           intention is that a process can be g     24           intention is that a process can be granted a wide set
 25           of access initially with the bringup     25           of access initially with the bringup mode set on the
 26           rules. The developer can use the inf     26           rules. The developer can use the information to
 27           identify which rules are necessary a     27           identify which rules are necessary and what accesses
 28           may be inappropriate. The developer      28           may be inappropriate. The developer can reduce the
 29           access rule set once the behavior is     29           access rule set once the behavior is well understood.
 30           This is a superior mechanism to the      30           This is a superior mechanism to the oft abused
 31           "permissive" mode of other systems.      31           "permissive" mode of other systems.
 32           If you are unsure how to answer this     32           If you are unsure how to answer this question, answer N.
 33                                                    33 
 34 config SECURITY_SMACK_NETFILTER                    34 config SECURITY_SMACK_NETFILTER
 35         bool "Packet marking using secmarks fo     35         bool "Packet marking using secmarks for netfilter"
 36         depends on SECURITY_SMACK                  36         depends on SECURITY_SMACK
 37         depends on NETWORK_SECMARK                 37         depends on NETWORK_SECMARK
 38         depends on NETFILTER                       38         depends on NETFILTER
 39         default n                                  39         default n
 40         help                                       40         help
 41           This enables security marking of net     41           This enables security marking of network packets using
 42           Smack labels.                            42           Smack labels.
 43           If you are unsure how to answer this     43           If you are unsure how to answer this question, answer N.
 44                                                    44 
 45 config SECURITY_SMACK_APPEND_SIGNALS               45 config SECURITY_SMACK_APPEND_SIGNALS
 46         bool "Treat delivering signals as an a     46         bool "Treat delivering signals as an append operation"
 47         depends on SECURITY_SMACK                  47         depends on SECURITY_SMACK
 48         default n                                  48         default n
 49         help                                       49         help
 50           Sending a signal has been treated as     50           Sending a signal has been treated as a write operation to the
 51           receiving process. If this option is     51           receiving process. If this option is selected, the delivery
 52           will be an append operation instead.     52           will be an append operation instead. This makes it possible
 53           to differentiate between delivering      53           to differentiate between delivering a network packet and
 54           delivering a signal in the Smack rul     54           delivering a signal in the Smack rules.
 55           If you are unsure how to answer this     55           If you are unsure how to answer this question, answer N.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php