1 # SPDX-License-Identifier: GPL-2.0-only << 2 config SECURITY_SMACK 1 config SECURITY_SMACK 3 bool "Simplified Mandatory Access Cont 2 bool "Simplified Mandatory Access Control Kernel Support" 4 depends on NET 3 depends on NET 5 depends on INET 4 depends on INET 6 depends on SECURITY 5 depends on SECURITY 7 select NETLABEL 6 select NETLABEL 8 select SECURITY_NETWORK 7 select SECURITY_NETWORK 9 default n 8 default n 10 help 9 help 11 This selects the Simplified Mandator 10 This selects the Simplified Mandatory Access Control Kernel. 12 Smack is useful for sensitivity, int 11 Smack is useful for sensitivity, integrity, and a variety 13 of other mandatory security schemes. 12 of other mandatory security schemes. 14 If you are unsure how to answer this 13 If you are unsure how to answer this question, answer N. 15 14 16 config SECURITY_SMACK_BRINGUP 15 config SECURITY_SMACK_BRINGUP 17 bool "Reporting on access granted by S 16 bool "Reporting on access granted by Smack rules" 18 depends on SECURITY_SMACK 17 depends on SECURITY_SMACK 19 default n 18 default n 20 help 19 help 21 Enable the bring-up ("b") access mod 20 Enable the bring-up ("b") access mode in Smack rules. 22 When access is granted by a rule wit 21 When access is granted by a rule with the "b" mode a 23 message about the access requested i 22 message about the access requested is generated. The 24 intention is that a process can be g 23 intention is that a process can be granted a wide set 25 of access initially with the bringup 24 of access initially with the bringup mode set on the 26 rules. The developer can use the inf 25 rules. The developer can use the information to 27 identify which rules are necessary a 26 identify which rules are necessary and what accesses 28 may be inappropriate. The developer 27 may be inappropriate. The developer can reduce the 29 access rule set once the behavior is 28 access rule set once the behavior is well understood. 30 This is a superior mechanism to the 29 This is a superior mechanism to the oft abused 31 "permissive" mode of other systems. 30 "permissive" mode of other systems. 32 If you are unsure how to answer this 31 If you are unsure how to answer this question, answer N. 33 32 34 config SECURITY_SMACK_NETFILTER 33 config SECURITY_SMACK_NETFILTER 35 bool "Packet marking using secmarks fo 34 bool "Packet marking using secmarks for netfilter" 36 depends on SECURITY_SMACK 35 depends on SECURITY_SMACK 37 depends on NETWORK_SECMARK 36 depends on NETWORK_SECMARK 38 depends on NETFILTER 37 depends on NETFILTER 39 default n 38 default n 40 help 39 help 41 This enables security marking of net 40 This enables security marking of network packets using 42 Smack labels. 41 Smack labels. 43 If you are unsure how to answer this 42 If you are unsure how to answer this question, answer N. 44 43 45 config SECURITY_SMACK_APPEND_SIGNALS 44 config SECURITY_SMACK_APPEND_SIGNALS 46 bool "Treat delivering signals as an a 45 bool "Treat delivering signals as an append operation" 47 depends on SECURITY_SMACK 46 depends on SECURITY_SMACK 48 default n 47 default n 49 help 48 help 50 Sending a signal has been treated as 49 Sending a signal has been treated as a write operation to the 51 receiving process. If this option is 50 receiving process. If this option is selected, the delivery 52 will be an append operation instead. 51 will be an append operation instead. This makes it possible 53 to differentiate between delivering 52 to differentiate between delivering a network packet and 54 delivering a signal in the Smack rul 53 delivering a signal in the Smack rules. 55 If you are unsure how to answer this 54 If you are unsure how to answer this question, answer N.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.