summaryrefslogtreecommitdiffstats
path: root/security/smack/Kconfig
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-11 08:27:49 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-11 08:27:49 +0000
commitace9429bb58fd418f0c81d4c2835699bddf6bde6 (patch)
treeb2d64bc10158fdd5497876388cd68142ca374ed3 /security/smack/Kconfig
parentInitial commit. (diff)
downloadlinux-ace9429bb58fd418f0c81d4c2835699bddf6bde6.tar.xz
linux-ace9429bb58fd418f0c81d4c2835699bddf6bde6.zip
Adding upstream version 6.6.15.upstream/6.6.15
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/smack/Kconfig')
-rw-r--r--security/smack/Kconfig55
1 files changed, 55 insertions, 0 deletions
diff --git a/security/smack/Kconfig b/security/smack/Kconfig
new file mode 100644
index 0000000000..5a8dfad469
--- /dev/null
+++ b/security/smack/Kconfig
@@ -0,0 +1,55 @@
+# SPDX-License-Identifier: GPL-2.0-only
+config SECURITY_SMACK
+ bool "Simplified Mandatory Access Control Kernel Support"
+ depends on NET
+ depends on INET
+ depends on SECURITY
+ select NETLABEL
+ select SECURITY_NETWORK
+ default n
+ help
+ This selects the Simplified Mandatory Access Control Kernel.
+ Smack is useful for sensitivity, integrity, and a variety
+ of other mandatory security schemes.
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_SMACK_BRINGUP
+ bool "Reporting on access granted by Smack rules"
+ depends on SECURITY_SMACK
+ default n
+ help
+ Enable the bring-up ("b") access mode in Smack rules.
+ When access is granted by a rule with the "b" mode a
+ message about the access requested is generated. The
+ intention is that a process can be granted a wide set
+ of access initially with the bringup mode set on the
+ rules. The developer can use the information to
+ identify which rules are necessary and what accesses
+ may be inappropriate. The developer can reduce the
+ access rule set once the behavior is well understood.
+ This is a superior mechanism to the oft abused
+ "permissive" mode of other systems.
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_SMACK_NETFILTER
+ bool "Packet marking using secmarks for netfilter"
+ depends on SECURITY_SMACK
+ depends on NETWORK_SECMARK
+ depends on NETFILTER
+ default n
+ help
+ This enables security marking of network packets using
+ Smack labels.
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_SMACK_APPEND_SIGNALS
+ bool "Treat delivering signals as an append operation"
+ depends on SECURITY_SMACK
+ default n
+ help
+ Sending a signal has been treated as a write operation to the
+ receiving process. If this option is selected, the delivery
+ will be an append operation instead. This makes it possible
+ to differentiate between delivering a network packet and
+ delivering a signal in the Smack rules.
+ If you are unsure how to answer this question, answer N.