# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_SMACK
	bool "Simplified Mandatory Access Control Kernel Support"
	depends on NET
	depends on INET
	depends on SECURITY
	select NETLABEL
	select SECURITY_NETWORK
	default n
	help
	  This selects the Simplified Mandatory Access Control Kernel.
	  Smack is useful for sensitivity, integrity, and a variety
	  of other mandatory security schemes.
	  If you are unsure how to answer this question, answer N.

config SECURITY_SMACK_BRINGUP
	bool "Reporting on access granted by Smack rules"
	depends on SECURITY_SMACK
	default n
	help
	  Enable the bring-up ("b") access mode in Smack rules.
	  When access is granted by a rule with the "b" mode a
	  message about the access requested is generated. The
	  intention is that a process can be granted a wide set
	  of access initially with the bringup mode set on the
	  rules. The developer can use the information to
	  identify which rules are necessary and what accesses
	  may be inappropriate. The developer can reduce the
	  access rule set once the behavior is well understood.
	  This is a superior mechanism to the oft abused
	  "permissive" mode of other systems.
	  If you are unsure how to answer this question, answer N.

config SECURITY_SMACK_NETFILTER
	bool "Packet marking using secmarks for netfilter"
	depends on SECURITY_SMACK
	depends on NETWORK_SECMARK
	depends on NETFILTER
	default n
	help
	  This enables security marking of network packets using
	  Smack labels.
	  If you are unsure how to answer this question, answer N.

config SECURITY_SMACK_APPEND_SIGNALS
	bool "Treat delivering signals as an append operation"
	depends on SECURITY_SMACK
	default n
	help
	  Sending a signal has been treated as a write operation to the
	  receiving process. If this option is selected, the delivery
	  will be an append operation instead. This makes it possible
	  to differentiate between delivering a network packet and
	  delivering a signal in the Smack rules.
	  If you are unsure how to answer this question, answer N.