1 # SPDX-License-Identifier: GPL-2.0-only
3 bool "Simplified Mandatory Access Control Kernel Support"
8 select SECURITY_NETWORK
11 This selects the Simplified Mandatory Access Control Kernel.
12 Smack is useful for sensitivity, integrity, and a variety
13 of other mandatory security schemes.
14 If you are unsure how to answer this question, answer N.
16 config SECURITY_SMACK_BRINGUP
17 bool "Reporting on access granted by Smack rules"
18 depends on SECURITY_SMACK
21 Enable the bring-up ("b") access mode in Smack rules.
22 When access is granted by a rule with the "b" mode a
23 message about the access requested is generated. The
24 intention is that a process can be granted a wide set
25 of access initially with the bringup mode set on the
26 rules. The developer can use the information to
27 identify which rules are necessary and what accesses
28 may be inappropriate. The developer can reduce the
29 access rule set once the behavior is well understood.
30 This is a superior mechanism to the oft abused
31 "permissive" mode of other systems.
32 If you are unsure how to answer this question, answer N.
34 config SECURITY_SMACK_NETFILTER
35 bool "Packet marking using secmarks for netfilter"
36 depends on SECURITY_SMACK
37 depends on NETWORK_SECMARK
41 This enables security marking of network packets using
43 If you are unsure how to answer this question, answer N.
45 config SECURITY_SMACK_APPEND_SIGNALS
46 bool "Treat delivering signals as an append operation"
47 depends on SECURITY_SMACK
50 Sending a signal has been treated as a write operation to the
51 receiving process. If this option is selected, the delivery
52 will be an append operation instead. This makes it possible
53 to differentiate between delivering a network packet and
54 delivering a signal in the Smack rules.
55 If you are unsure how to answer this question, answer N.
projects / linux-2.6-microblaze.git / blob