1 # SPDX-License-Identifier: GPL-2.0-only <<
2 config SECURITY_SMACK 1 config SECURITY_SMACK
3 bool "Simplified Mandatory Access Cont 2 bool "Simplified Mandatory Access Control Kernel Support"
4 depends on NET 3 depends on NET
5 depends on INET 4 depends on INET
6 depends on SECURITY 5 depends on SECURITY
7 select NETLABEL 6 select NETLABEL
8 select SECURITY_NETWORK 7 select SECURITY_NETWORK
9 default n 8 default n
10 help 9 help
11 This selects the Simplified Mandator 10 This selects the Simplified Mandatory Access Control Kernel.
12 Smack is useful for sensitivity, int 11 Smack is useful for sensitivity, integrity, and a variety
13 of other mandatory security schemes. 12 of other mandatory security schemes.
14 If you are unsure how to answer this 13 If you are unsure how to answer this question, answer N.
15 14
16 config SECURITY_SMACK_BRINGUP 15 config SECURITY_SMACK_BRINGUP
17 bool "Reporting on access granted by S 16 bool "Reporting on access granted by Smack rules"
18 depends on SECURITY_SMACK 17 depends on SECURITY_SMACK
19 default n 18 default n
20 help 19 help
21 Enable the bring-up ("b") access mod 20 Enable the bring-up ("b") access mode in Smack rules.
22 When access is granted by a rule wit 21 When access is granted by a rule with the "b" mode a
23 message about the access requested i 22 message about the access requested is generated. The
24 intention is that a process can be g 23 intention is that a process can be granted a wide set
25 of access initially with the bringup 24 of access initially with the bringup mode set on the
26 rules. The developer can use the inf 25 rules. The developer can use the information to
27 identify which rules are necessary a 26 identify which rules are necessary and what accesses
28 may be inappropriate. The developer 27 may be inappropriate. The developer can reduce the
29 access rule set once the behavior is 28 access rule set once the behavior is well understood.
30 This is a superior mechanism to the 29 This is a superior mechanism to the oft abused
31 "permissive" mode of other systems. 30 "permissive" mode of other systems.
32 If you are unsure how to answer this 31 If you are unsure how to answer this question, answer N.
33 32
34 config SECURITY_SMACK_NETFILTER 33 config SECURITY_SMACK_NETFILTER
35 bool "Packet marking using secmarks fo 34 bool "Packet marking using secmarks for netfilter"
36 depends on SECURITY_SMACK 35 depends on SECURITY_SMACK
37 depends on NETWORK_SECMARK 36 depends on NETWORK_SECMARK
38 depends on NETFILTER 37 depends on NETFILTER
39 default n 38 default n
40 help 39 help
41 This enables security marking of net 40 This enables security marking of network packets using
42 Smack labels. 41 Smack labels.
43 If you are unsure how to answer this 42 If you are unsure how to answer this question, answer N.
44 43
45 config SECURITY_SMACK_APPEND_SIGNALS 44 config SECURITY_SMACK_APPEND_SIGNALS
46 bool "Treat delivering signals as an a 45 bool "Treat delivering signals as an append operation"
47 depends on SECURITY_SMACK 46 depends on SECURITY_SMACK
48 default n 47 default n
49 help 48 help
50 Sending a signal has been treated as 49 Sending a signal has been treated as a write operation to the
51 receiving process. If this option is 50 receiving process. If this option is selected, the delivery
52 will be an append operation instead. 51 will be an append operation instead. This makes it possible
53 to differentiate between delivering 52 to differentiate between delivering a network packet and
54 delivering a signal in the Smack rul 53 delivering a signal in the Smack rules.
55 If you are unsure how to answer this 54 If you are unsure how to answer this question, answer N.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.