| 1 |
config CCSECURITY |
| 2 |
bool "CCSecurity support" |
| 3 |
default y |
| 4 |
help |
| 5 |
Say Y here to support non-LSM version of TOMOYO Linux. |
| 6 |
http://tomoyo.sourceforge.jp/ |
| 7 |
|
| 8 |
config CCSECURITY_LKM |
| 9 |
bool "Compile as loadable kernel module" |
| 10 |
default n |
| 11 |
depends on CCSECURITY && MODULES |
| 12 |
help |
| 13 |
This version of TOMOYO depends on patching the kernel source in order |
| 14 |
to insert some hooks which LSM does not provide. Therefore, |
| 15 |
recompiling the kernel is inevitable. But if you want to keep |
| 16 |
vmlinux's size as small as possible, you can compile most part of |
| 17 |
TOMOYO as a loadable kernel module by saying Y here. |
| 18 |
|
| 19 |
config CCSECURITY_DISABLE_BY_DEFAULT |
| 20 |
bool "Disable by default" |
| 21 |
default n |
| 22 |
depends on CCSECURITY |
| 23 |
help |
| 24 |
Say Y here if you want TOMOYO disabled by default. |
| 25 |
To enable TOMOYO, pass ccsecurity=on to kernel command line. |
| 26 |
To disable TOMOYO, pass ccsecurity=off to kernel command line. |
| 27 |
|
| 28 |
config CCSECURITY_USE_EXTERNAL_TASK_SECURITY |
| 29 |
bool "Do not modify 'struct task_struct' in order to keep KABI" |
| 30 |
default n |
| 31 |
depends on CCSECURITY |
| 32 |
help |
| 33 |
Say Y here if you want to keep KABI for prebuilt kernel modules |
| 34 |
unchanged. TOMOYO needs "struct ccs_domain_info *" and "u32" for each |
| 35 |
"struct task_struct". But embedding these variables into |
| 36 |
"struct task_struct" breaks KABI for prebuilt kernel modules (which |
| 37 |
means that you will need to rebuild prebuilt kernel modules). |
| 38 |
If you say Y here, these variables are managed outside |
| 39 |
"struct task_struct" rather than embedding into "struct task_struct", |
| 40 |
but accessing these variables becomes slower because lookup operation |
| 41 |
is performed every time the current thread needs to access them. |
| 42 |
|
| 43 |
config CCSECURITY_MAX_ACCEPT_ENTRY |
| 44 |
int "Default maximal count for learning mode" |
| 45 |
default 2048 |
| 46 |
range 0 2147483647 |
| 47 |
depends on CCSECURITY |
| 48 |
help |
| 49 |
This is the default value for maximal ACL entries |
| 50 |
that are automatically appended into policy at "learning mode". |
| 51 |
Some programs access thousands of objects, so running |
| 52 |
such programs in "learning mode" dulls the system response |
| 53 |
and consumes much memory. |
| 54 |
This is the safeguard for such programs. |
| 55 |
|
| 56 |
config CCSECURITY_MAX_AUDIT_LOG |
| 57 |
int "Default maximal count for audit log" |
| 58 |
default 1024 |
| 59 |
range 0 2147483647 |
| 60 |
depends on CCSECURITY |
| 61 |
help |
| 62 |
This is the default value for maximal entries for |
| 63 |
audit logs that the kernel can hold on memory. |
| 64 |
You can read the log via /proc/ccs/audit. |
| 65 |
If you don't need audit logs, you may set this value to 0. |
| 66 |
|
| 67 |
config CCSECURITY_OMIT_USERSPACE_LOADER |
| 68 |
bool "Activate without calling userspace policy loader." |
| 69 |
default n |
| 70 |
depends on CCSECURITY |
| 71 |
---help--- |
| 72 |
Say Y here if you want to activate access control as soon as built-in |
| 73 |
policy was loaded. This option will be useful for systems where |
| 74 |
operations which can lead to the hijacking of the boot sequence are |
| 75 |
needed before loading the policy. For example, you can activate |
| 76 |
immediately after loading the fixed part of policy which will allow |
| 77 |
only operations needed for mounting a partition which contains the |
| 78 |
variant part of policy and verifying (e.g. running GPG check) and |
| 79 |
loading the variant part of policy. Since you can start using |
| 80 |
enforcing mode from the beginning, you can reduce the possibility of |
| 81 |
hijacking the boot sequence. |
| 82 |
|
| 83 |
If you say Y to both "Compile as loadable kernel module" option and |
| 84 |
"Activate without calling userspace policy loader." option, be sure |
| 85 |
to excplicitly load the kernel module from the userspace, for |
| 86 |
the kernel will not call /sbin/ccs-init when /sbin/init starts. |
| 87 |
|
| 88 |
config CCSECURITY_POLICY_LOADER |
| 89 |
string "Location of userspace policy loader" |
| 90 |
default "/sbin/ccs-init" |
| 91 |
depends on CCSECURITY |
| 92 |
depends on !CCSECURITY_OMIT_USERSPACE_LOADER |
| 93 |
---help--- |
| 94 |
This is the default pathname of policy loader which is called before |
| 95 |
activation. You can override this setting via CCS_loader= kernel |
| 96 |
command line option. |
| 97 |
|
| 98 |
config CCSECURITY_ACTIVATION_TRIGGER |
| 99 |
string "Trigger for calling userspace policy loader" |
| 100 |
default "/sbin/init" |
| 101 |
depends on CCSECURITY |
| 102 |
depends on !CCSECURITY_OMIT_USERSPACE_LOADER |
| 103 |
---help--- |
| 104 |
This is the default pathname of activation trigger. |
| 105 |
You can override this setting via CCS_trigger= kernel command line |
| 106 |
option. For example, if you pass init=/bin/systemd option, you may |
| 107 |
want to also pass CCS_trigger=/bin/systemd option. |
TOMOYO
Parent Directory
Revision Log