config CCSECURITY
	bool "CCSecurity support"
	default y
	help
	  Say Y here to support non-LSM version of TOMOYO Linux.
	  https://tomoyo.sourceforge.net/

config CCSECURITY_LKM
	bool "Compile as loadable kernel module"
	default n
	depends on CCSECURITY && MODULES
	help
	  This version of TOMOYO depends on patching the kernel source in order
	  to insert some hooks which LSM does not provide. Therefore,
	  recompiling the kernel is inevitable. But if you want to keep
	  vmlinux's size as small as possible, you can compile most part of
	  TOMOYO as a loadable kernel module by saying Y here.

config CCSECURITY_DISABLE_BY_DEFAULT
	bool "Disable by default"
	default n
	depends on CCSECURITY
	help
	  Say Y here if you want TOMOYO disabled by default.
	  To enable TOMOYO, pass ccsecurity=on to kernel command line.
	  To disable TOMOYO, pass ccsecurity=off to kernel command line.

config CCSECURITY_USE_EXTERNAL_TASK_SECURITY
	bool "Do not modify 'struct task_struct' in order to keep KABI"
	default n
	depends on CCSECURITY
	help
	  Say Y here if you want to keep KABI for prebuilt kernel modules
	  unchanged. TOMOYO needs "struct ccs_domain_info *" and "u32" for each
	  "struct task_struct". But embedding these variables into
	  "struct task_struct" breaks KABI for prebuilt kernel modules (which
	  means that you will need to rebuild prebuilt kernel modules).
	  If you say Y here, these variables are managed outside
	  "struct task_struct" rather than embedding into "struct task_struct",
	  but accessing these variables becomes slower because lookup operation
	  is performed every time the current thread needs to access them.

config CCSECURITY_MAX_ACCEPT_ENTRY
	int "Default maximal count for learning mode"
	default 2048
	range 0 2147483647
	depends on CCSECURITY
	help
	  This is the default value for maximal ACL entries
	  that are automatically appended into policy at "learning mode".
	  Some programs access thousands of objects, so running
	  such programs in "learning mode" dulls the system response
	  and consumes much memory.
	  This is the safeguard for such programs.

config CCSECURITY_MAX_AUDIT_LOG
	int "Default maximal count for audit log"
	default 1024
	range 0 2147483647
	depends on CCSECURITY
	help
	  This is the default value for maximal entries for
	  audit logs that the kernel can hold on memory.
	  You can read the log via /proc/ccs/audit.
	  If you don't need audit logs, you may set this value to 0.

config CCSECURITY_OMIT_USERSPACE_LOADER
	bool "Activate without calling userspace policy loader."
	default n
	depends on CCSECURITY
	help
	  Say Y here if you want to activate access control as soon as built-in
	  policy was loaded. This option will be useful for systems where
	  operations which can lead to the hijacking of the boot sequence are
	  needed before loading the policy. For example, you can activate
	  immediately after loading the fixed part of policy which will allow
	  only operations needed for mounting a partition which contains the
	  variant part of policy and verifying (e.g. running GPG check) and
	  loading the variant part of policy. Since you can start using
	  enforcing mode from the beginning, you can reduce the possibility of
	  hijacking the boot sequence.

	  If you say Y to both "Compile as loadable kernel module" option and
	  "Activate without calling userspace policy loader." option, be sure
	  to explicitly load the kernel module from the userspace, for
	  the kernel will not call /sbin/ccs-init when /sbin/init starts.

config CCSECURITY_POLICY_LOADER
	string "Location of userspace policy loader"
	default "/sbin/ccs-init"
	depends on CCSECURITY
	depends on !CCSECURITY_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of policy loader which is called before
	  activation. You can override this setting via CCS_loader= kernel
	  command line option.

config CCSECURITY_ACTIVATION_TRIGGER
	string "Trigger for calling userspace policy loader"
	default "/sbin/init"
	depends on CCSECURITY
	depends on !CCSECURITY_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of activation trigger.
	  You can override this setting via CCS_trigger= kernel command line
	  option. For example, if you pass init=/bin/systemd option, you may
	  want to also pass CCS_trigger=/bin/systemd option.

	  Say Y here if you want to enable only specific functionality in order
	  to reduce object file size.

config CCSECURITY_FILE_READDIR
	bool "Enable readdir operation restriction."
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable analysis/restriction of opening
	  directories for reading. Reading directory entries is a commonly
	  requested operation and damage caused by not restricting it as MAC
	  might be acceptable for you.

config CCSECURITY_FILE_GETATTR
	bool "Enable getattr operation restriction."
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable analysis/restriction of getting
	  information of files. Getting file's information is a commonly
	  requested operation and damage caused by not restricting it as MAC
	  might be acceptable for you.

config CCSECURITY_NETWORK
	bool "Enable socket operation restriction."
	default y
	depends on NET
	depends on CCSECURITY
	help
	  Say Y here if you want to enable analysis/restriction of INET and
	  UNIX domain socket's operations.

config CCSECURITY_CAPABILITY
	bool "Enable non-POSIX capability operation restriction."
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable analysis/restriction of non-POSIX
	  capabilities.

config CCSECURITY_IPC
	bool "Enable IPC operation restriction."
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable analysis/restriction of sending
	  signals.

config CCSECURITY_MISC
	bool "Enable environment variable names restriction."
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable analysis/restriction of environment
	  variable names passed upon program execution request.

config CCSECURITY_TASK_EXECUTE_HANDLER
	bool "Enable execute handler functionality."
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable execute handler functionality.

config CCSECURITY_TASK_DOMAIN_TRANSITION
	bool "Enable domain transition without program execution request."
	default y
	depends on CCSECURITY
	help
	  Say Y here if you want to enable domain transition without involving
	  program execution request.

config CCSECURITY_PORTRESERVE
	bool "Enable local port reserver."
	default y
	depends on NET
	depends on CCSECURITY
	help
	  Say Y here if you want to implement
	  /proc/sys/net/ipv4/ip_local_reserved_ports as a MAC policy.

config CCSECURITY_NETWORK_RECVMSG
	def_bool CCSECURITY_NETWORK
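
The boot-time interactions described in the help texts above (ccsecurity=on/off, CCS_trigger= versus init=, an audit log count of 0, and the module plus built-in-policy combination), checked over a kernel .config and command line. This is an added example, not part of the TOMOYO sources; the function names, message wording and sample input are constructed here, and treating an init=/trigger mismatch as a finding is this example's reading of the CCS_trigger help text.

```shell
# Added example (not TOMOYO project code): flag the boot-time pitfalls named in
# the help texts, given the text of a kernel .config and a kernel command line.

# cfg_get CONFIG_TEXT NAME: value of CONFIG_NAME with quotes stripped, or empty.
cfg_get() {
    printf '%s\n' "$1" | sed -n "s/^CONFIG_$2=//p" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# cmd_get CMDLINE KEY: value of the last KEY=value token, or empty.
cmd_get() (
    set -f; val=
    for tok in $1; do
        case $tok in "$2="*) val=${tok#"$2="} ;; esac
    done
    printf '%s\n' "$val"
)

# ccs_audit CONFIG_TEXT CMDLINE: print one finding per line (nothing if clean).
ccs_audit() (
    cfg=$1; cmd=$2
    [ "$(cfg_get "$cfg" CCSECURITY)" = y ] || { echo "INFO: CCSECURITY not built in"; exit 0; }

    # Effective on/off state: build-time default, overridden by ccsecurity=on|off.
    state=on
    [ "$(cfg_get "$cfg" CCSECURITY_DISABLE_BY_DEFAULT)" = y ] && state=off
    case $(cmd_get "$cmd" ccsecurity) in on) state=on ;; off) state=off ;; esac
    [ "$state" = off ] && echo "WARN: TOMOYO is disabled at boot"
    [ "$(cfg_get "$cfg" CCSECURITY_MAX_AUDIT_LOG)" = 0 ] &&
        echo "WARN: default audit log count is 0, /proc/ccs/audit holds nothing"

    if [ "$(cfg_get "$cfg" CCSECURITY_OMIT_USERSPACE_LOADER)" = y ]; then
        [ "$(cfg_get "$cfg" CCSECURITY_LKM)" = y ] &&
            echo "NOTE: load the kernel module explicitly, /sbin/ccs-init is not called"
    else
        # Assumption: activation needs the trigger path to be what runs as init.
        trigger=$(cmd_get "$cmd" CCS_trigger)
        [ -n "$trigger" ] || trigger=$(cfg_get "$cfg" CCSECURITY_ACTIVATION_TRIGGER)
        init=$(cmd_get "$cmd" init)
        [ -n "$init" ] && [ "$init" != "$trigger" ] &&
            echo "WARN: init=$init but activation trigger is $trigger"
    fi
    exit 0
)

# Constructed sample input (not taken from a real system).
SAMPLE_CFG='CONFIG_CCSECURITY=y
CONFIG_CCSECURITY_MAX_AUDIT_LOG=1024
CONFIG_CCSECURITY_ACTIVATION_TRIGGER="/sbin/init"'
ccs_audit "$SAMPLE_CFG" "root=/dev/sda1 ro init=/bin/systemd"
```

On a running system the two arguments can be taken from the kernel's build configuration and from /proc/cmdline.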