| Commit | Line | Data |
|---|---|---|
| e114e473 CS | 1 | config SECURITY_SMACK |
| | 2 | bool "Simplified Mandatory Access Control Kernel Support" |
| 111fe8bd CS | 3 | depends on NET |
| | 4 | depends on INET |
| | 5 | depends on SECURITY |
| | 6 | select NETLABEL |
| | 7 | select SECURITY_NETWORK |
| e114e473 CS | 8 | default n |
| | 9 | help |
| | 10 | This selects the Simplified Mandatory Access Control Kernel. |
| | 11 | Smack is useful for sensitivity, integrity, and a variety |
| | 12 | of other mandatory security schemes. |
| | 13 | If you are unsure how to answer this question, answer N. |
| | 14 | |
| d166c802 CS | 15 | config SECURITY_SMACK_BRINGUP |
| | 16 | bool "Reporting on access granted by Smack rules" |
| | 17 | depends on SECURITY_SMACK |
| | 18 | default n |
| | 19 | help |
| | 20 | Enable the bring-up ("b") access mode in Smack rules. |
| | 21 | When access is granted by a rule with the "b" mode a |
| | 22 | message about the access requested is generated. The |
| | 23 | intention is that a process can be granted a wide set |
| | 24 | of access initially with the bringup mode set on the |
| | 25 | rules. The developer can use the information to |
| | 26 | identify which rules are necessary and what accesses |
| | 27 | may be inappropriate. The developer can reduce the |
| | 28 | access rule set once the behavior is well understood. |
| | 29 | This is a superior mechanism to the oft abused |
| | 30 | "permissive" mode of other systems. |
| 69f287ae CS | 31 | If you are unsure how to answer this question, answer N. |
| | 32 | |
| | 33 | config SECURITY_SMACK_NETFILTER |
| | 34 | bool "Packet marking using secmarks for netfilter" |
| | 35 | depends on SECURITY_SMACK |
| | 36 | depends on NETWORK_SECMARK |
| | 37 | depends on NETFILTER |
| | 38 | default n |
| | 39 | help |
| | 40 | This enables security marking of network packets using |
| | 41 | Smack labels. |
| | 42 | If you are unsure how to answer this question, answer N. |