Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/Kconfig

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/Kconfig




Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/Kconfig



 Parent Directory

|  Revision Log



|  Patch














revision 5103 by kumaneko,
Sat Jun  4 02:43:48 2011 UTC




revision 5104 by kumaneko,
Fri Jun 10 08:15:38 2011 UTC






#

Line 80 
 config CCSECURITY_OMIT_USERSPACE_LOADER


Line 80 
 config CCSECURITY_OMIT_USERSPACE_LOADER












80
           enforcing mode from the beginning, you can reduce the possibility of
           enforcing mode from the beginning, you can reduce the possibility of

















81
           hijacking the boot sequence.
           hijacking the boot sequence.

















82
 
 












83
 
           If you say Y to both "Compile as loadable kernel module" option and







84
 
           "Activate without calling userspace policy loader." option, be sure







85
 
           to excplicitly load the kernel module from the userspace, for







86
 
           the kernel will not call /sbin/ccs-init when /sbin/init starts.







87
 
 












88
 config CCSECURITY_POLICY_LOADER
 config CCSECURITY_POLICY_LOADER

















89
         string "Location of userspace policy loader"
         string "Location of userspace policy loader"

















90
         default "/sbin/ccs-init"
         default "/sbin/ccs-init"

















91
         depends on CCSECURITY
         depends on CCSECURITY

















92
         depends on !CCSECURITY_OMIT_USERSPACE_LOADER
         depends on !CCSECURITY_OMIT_USERSPACE_LOADER

















93
         ---help---
         ---help---















94


           This is the pathname of policy loader which is called before


           This is the default pathname of policy loader which is called before













95


           activation.


           activation. You can override this setting via CCS_loader= kernel













96


 


           command line option.















97
 
 

















98
 config CCSECURITY_ACTIVATION_TRIGGER
 config CCSECURITY_ACTIVATION_TRIGGER

















99
         string "Trigger for calling userspace policy loader"
         string "Trigger for calling userspace policy loader"











#

Line 95 
 config CCSECURITY_ACTIVATION_TRIGGER


Line 101 
 config CCSECURITY_ACTIVATION_TRIGGER












101
         depends on CCSECURITY
         depends on CCSECURITY

















102
         depends on !CCSECURITY_OMIT_USERSPACE_LOADER
         depends on !CCSECURITY_OMIT_USERSPACE_LOADER

















103
         ---help---
         ---help---















104


           Some environments do not have /sbin/init . In such environments,


           This is the default pathname of activation trigger.













105


           we need to use different program's pathname (e.g. /init or /linuxrc )


           You can override this setting via CCS_trigger= kernel command line













106


           as activation trigger.


           option. For example, if you pass init=/bin/systemd option, you may













107


 


           want to also pass CCS_trigger=/bin/systemd option.



























Legend:



Removed from v.5103
 


changed lines


 
Added in v.5104













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/Kconfig
-revision 5103 by kumaneko,
Sat Jun  4 02:43:48 2011 UTC
+revision 5104 by kumaneko,
Fri Jun 10 08:15:38 2011 UTC
 Line 80 
 config CCSECURITY_OMIT_USERSPACE_LOADER
            enforcing mode from the beginning, you can reduce the possibility of
            hijacking the boot sequence.
+           If you say Y to both "Compile as loadable kernel module" option and
+           "Activate without calling userspace policy loader." option, be sure
+           to excplicitly load the kernel module from the userspace, for
+           the kernel will not call /sbin/ccs-init when /sbin/init starts.
  config CCSECURITY_POLICY_LOADER
          string "Location of userspace policy loader"
          default "/sbin/ccs-init"
          depends on CCSECURITY
          depends on !CCSECURITY_OMIT_USERSPACE_LOADER
          ---help---
-           This is the pathname of policy loader which is called before
+           This is the default pathname of policy loader which is called before
-           activation.
+           activation. You can override this setting via CCS_loader= kernel
+           command line option.
  config CCSECURITY_ACTIVATION_TRIGGER
          string "Trigger for calling userspace policy loader"
-Line 95 
 config CCSECURITY_ACTIVATION_TRIGGER
+Line 101 
 config CCSECURITY_ACTIVATION_TRIGGER
          depends on CCSECURITY
          depends on !CCSECURITY_OMIT_USERSPACE_LOADER
          ---help---
-           Some environments do not have /sbin/init . In such environments,
+           This is the default pathname of activation trigger.
-           we need to use different program's pathname (e.g. /init or /linuxrc )
+           You can override this setting via CCS_trigger= kernel command line
-           as activation trigger.
+           option. For example, if you pass init=/bin/systemd option, you may
+           want to also pass CCS_trigger=/bin/systemd option.
 Legend:



Removed from v.5103
 


changed lines


 
Added in v.5104
 Legend:



Removed from v.5103
 


changed lines


 
Added in v.5104
-Removed from v.5103
+Added in v.5104
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照