Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
00d7d6f8 KT |
2 | config SECURITY_TOMOYO |
3 | bool "TOMOYO Linux Support" | |
4 | depends on SECURITY | |
059d84db | 5 | depends on NET |
00d7d6f8 KT |
6 | select SECURITYFS |
7 | select SECURITY_PATH | |
059d84db | 8 | select SECURITY_NETWORK |
83fe27ea | 9 | select SRCU |
7e114bbf | 10 | select BUILD_BIN2C |
00d7d6f8 KT |
11 | default n |
12 | help | |
13 | This selects TOMOYO Linux, pathname-based access control. | |
14 | Required userspace tools and further information may be | |
15 | found at <http://tomoyo.sourceforge.jp/>. | |
16 | If you are unsure how to answer this question, answer N. | |
0e4ae0e0 TH |
17 | |
18 | config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY | |
19 | int "Default maximal count for learning mode" | |
20 | default 2048 | |
21 | range 0 2147483647 | |
22 | depends on SECURITY_TOMOYO | |
23 | help | |
24 | This is the default value for maximal ACL entries | |
25 | that are automatically appended into policy at "learning mode". | |
26 | Some programs access thousands of objects, so running | |
27 | such programs in "learning mode" dulls the system response | |
28 | and consumes much memory. | |
29 | This is the safeguard for such programs. | |
30 | ||
31 | config SECURITY_TOMOYO_MAX_AUDIT_LOG | |
32 | int "Default maximal count for audit log" | |
33 | default 1024 | |
34 | range 0 2147483647 | |
35 | depends on SECURITY_TOMOYO | |
36 | help | |
37 | This is the default value for maximal entries for | |
38 | audit logs that the kernel can hold on memory. | |
39 | You can read the log via /sys/kernel/security/tomoyo/audit. | |
40 | If you don't need audit logs, you may set this value to 0. | |
41 | ||
42 | config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER | |
43 | bool "Activate without calling userspace policy loader." | |
44 | default n | |
45 | depends on SECURITY_TOMOYO | |
46 | ---help--- | |
47 | Say Y here if you want to activate access control as soon as built-in | |
48 | policy was loaded. This option will be useful for systems where | |
49 | operations which can lead to the hijacking of the boot sequence are | |
50 | needed before loading the policy. For example, you can activate | |
51 | immediately after loading the fixed part of policy which will allow | |
52 | only operations needed for mounting a partition which contains the | |
53 | variant part of policy and verifying (e.g. running GPG check) and | |
54 | loading the variant part of policy. Since you can start using | |
55 | enforcing mode from the beginning, you can reduce the possibility of | |
56 | hijacking the boot sequence. | |
57 | ||
58 | config SECURITY_TOMOYO_POLICY_LOADER | |
59 | string "Location of userspace policy loader" | |
60 | default "/sbin/tomoyo-init" | |
61 | depends on SECURITY_TOMOYO | |
62 | depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER | |
63 | ---help--- | |
64 | This is the default pathname of policy loader which is called before | |
65 | activation. You can override this setting via TOMOYO_loader= kernel | |
66 | command line option. | |
67 | ||
68 | config SECURITY_TOMOYO_ACTIVATION_TRIGGER | |
69 | string "Trigger for calling userspace policy loader" | |
70 | default "/sbin/init" | |
71 | depends on SECURITY_TOMOYO | |
72 | depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER | |
73 | ---help--- | |
74 | This is the default pathname of activation trigger. | |
75 | You can override this setting via TOMOYO_trigger= kernel command line | |
76 | option. For example, if you pass init=/bin/systemd option, you may | |
77 | want to also pass TOMOYO_trigger=/bin/systemd option. | |
e80b1859 TH |
78 | |
79 | config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING | |
80 | bool "Use insecure built-in settings for fuzzing tests." | |
81 | default n | |
82 | depends on SECURITY_TOMOYO | |
83 | select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER | |
84 | help | |
85 | Enabling this option forces minimal built-in policy and disables | |
86 | domain/program checks for run-time policy modifications. Please enable | |
87 | this option only if this kernel is built for doing fuzzing tests. |