~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/smack/Kconfig

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/smack/Kconfig (Version linux-6.11.5) and /security/smack/Kconfig (Version linux-4.16.18)


  1 # SPDX-License-Identifier: GPL-2.0-only        << 
  2 config SECURITY_SMACK                               1 config SECURITY_SMACK
  3         bool "Simplified Mandatory Access Cont      2         bool "Simplified Mandatory Access Control Kernel Support"
  4         depends on NET                              3         depends on NET
  5         depends on INET                             4         depends on INET
  6         depends on SECURITY                         5         depends on SECURITY
  7         select NETLABEL                             6         select NETLABEL
  8         select SECURITY_NETWORK                     7         select SECURITY_NETWORK
  9         default n                                   8         default n
 10         help                                        9         help
 11           This selects the Simplified Mandator     10           This selects the Simplified Mandatory Access Control Kernel.
 12           Smack is useful for sensitivity, int     11           Smack is useful for sensitivity, integrity, and a variety
 13           of other mandatory security schemes.     12           of other mandatory security schemes.
 14           If you are unsure how to answer this     13           If you are unsure how to answer this question, answer N.
 15                                                    14 
 16 config SECURITY_SMACK_BRINGUP                      15 config SECURITY_SMACK_BRINGUP
 17         bool "Reporting on access granted by S     16         bool "Reporting on access granted by Smack rules"
 18         depends on SECURITY_SMACK                  17         depends on SECURITY_SMACK
 19         default n                                  18         default n
 20         help                                       19         help
 21           Enable the bring-up ("b") access mod     20           Enable the bring-up ("b") access mode in Smack rules.
 22           When access is granted by a rule wit     21           When access is granted by a rule with the "b" mode a
 23           message about the access requested i     22           message about the access requested is generated. The
 24           intention is that a process can be g     23           intention is that a process can be granted a wide set
 25           of access initially with the bringup     24           of access initially with the bringup mode set on the
 26           rules. The developer can use the inf     25           rules. The developer can use the information to
 27           identify which rules are necessary a     26           identify which rules are necessary and what accesses
 28           may be inappropriate. The developer      27           may be inappropriate. The developer can reduce the
 29           access rule set once the behavior is     28           access rule set once the behavior is well understood.
 30           This is a superior mechanism to the      29           This is a superior mechanism to the oft abused
 31           "permissive" mode of other systems.      30           "permissive" mode of other systems.
 32           If you are unsure how to answer this     31           If you are unsure how to answer this question, answer N.
 33                                                    32 
 34 config SECURITY_SMACK_NETFILTER                    33 config SECURITY_SMACK_NETFILTER
 35         bool "Packet marking using secmarks fo     34         bool "Packet marking using secmarks for netfilter"
 36         depends on SECURITY_SMACK                  35         depends on SECURITY_SMACK
 37         depends on NETWORK_SECMARK                 36         depends on NETWORK_SECMARK
 38         depends on NETFILTER                       37         depends on NETFILTER
 39         default n                                  38         default n
 40         help                                       39         help
 41           This enables security marking of net     40           This enables security marking of network packets using
 42           Smack labels.                            41           Smack labels.
 43           If you are unsure how to answer this     42           If you are unsure how to answer this question, answer N.
 44                                                    43 
 45 config SECURITY_SMACK_APPEND_SIGNALS               44 config SECURITY_SMACK_APPEND_SIGNALS
 46         bool "Treat delivering signals as an a     45         bool "Treat delivering signals as an append operation"
 47         depends on SECURITY_SMACK                  46         depends on SECURITY_SMACK
 48         default n                                  47         default n
 49         help                                       48         help
 50           Sending a signal has been treated as     49           Sending a signal has been treated as a write operation to the
 51           receiving process. If this option is     50           receiving process. If this option is selected, the delivery
 52           will be an append operation instead.     51           will be an append operation instead. This makes it possible
 53           to differentiate between delivering      52           to differentiate between delivering a network packet and
 54           delivering a signal in the Smack rul     53           delivering a signal in the Smack rules.
 55           If you are unsure how to answer this     54           If you are unsure how to answer this question, answer N.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php