linux/security/Kconfig
   1#
   2# Security configuration
   3#
   4
   5menu "Security options"
   6
   7source security/keys/Kconfig
   8
   9config SECURITY_DMESG_RESTRICT
  10        bool "Restrict unprivileged access to the kernel syslog"
  11        default n
  12        help
   13          This enforces restrictions on unprivileged users reading the kernel
   14          syslog via dmesg(8).
   15
   16          If this option is not selected, no restrictions will be enforced
   17          unless the kernel.dmesg_restrict sysctl is explicitly set to 1 at
                runtime.  Either way this option only sets the boot-time default;
                the sysctl can still be changed afterwards.
   18
   19          Hardened configurations usually answer Y, since the kernel log can
                contain information (such as kernel addresses in oops reports)
                that helps a local attacker.  If you are unsure how to answer
                this question, answer N.
  20
  21config SECURITY
  22        bool "Enable different security models"
  23        depends on SYSFS
  24        depends on MULTIUSER
  25        help
  26          This allows you to choose different security modules to be
  27          configured into your kernel.
  28
   29          If this option is not selected, the default Linux security
   30          model (standard discretionary access control) will be used;
                the hook-based options below all depend on this one.
  31
   32          If you are unsure how to answer this question, answer N.
   33
    # SECURITY_WRITABLE_HOOKS has no prompt: it is only reachable via "select"
    # from another symbol.  Judging by its name, setting it keeps the LSM hook
    # lists writable after boot instead of read-only, so any symbol that selects
    # it is relaxing a hardening measure -- confirm against security/security.c
    # before carrying it in a hardened configuration.
  34config SECURITY_WRITABLE_HOOKS
  35        depends on SECURITY
  36        bool
  37        default n
  38
  39config SECURITYFS
  40        bool "Enable the securityfs filesystem"
  41        help
  42          This will build the securityfs filesystem.  It is currently used by
  43          the TPM bios character driver and IMA, an integrity provider.  It is
  44          not used by SELinux or SMACK.
  45
  46          If you are unsure how to answer this question, answer N.
  47
  48config SECURITY_NETWORK
  49        bool "Socket and Networking Security Hooks"
  50        depends on SECURITY
  51        help
  52          This enables the socket and networking security hooks.
  53          If enabled, a security module can use these hooks to
  54          implement socket and networking access controls.
  55          If you are unsure how to answer this question, answer N.
  56
  57config PAGE_TABLE_ISOLATION
  58        bool "Remove the kernel mapping in user mode"
  59        default y
  60        depends on (X86_64 || X86_PAE) && !UML
  61        help
   62          This feature reduces the number of hardware side channels by
   63          ensuring that the majority of kernel addresses are not mapped
   64          into userspace, so that user-mode code cannot use those mappings
                (for example through speculative execution) to infer kernel
                memory contents.
   65
   66          See Documentation/x86/pti.txt for more details, including the
                "pti=" and "nopti" boot parameters that can disable this at
                boot even when it is built in -- when auditing a system, check
                the live kernel rather than only the .config.
  67
  68config SECURITY_INFINIBAND
  69        bool "Infiniband Security Hooks"
  70        depends on SECURITY && INFINIBAND
  71        help
  72          This enables the Infiniband security hooks.
  73          If enabled, a security module can use these hooks to
  74          implement Infiniband access controls.
  75          If you are unsure how to answer this question, answer N.
  76
  77config SECURITY_NETWORK_XFRM
  78        bool "XFRM (IPSec) Networking Security Hooks"
  79        depends on XFRM && SECURITY_NETWORK
  80        help
  81          This enables the XFRM (IPSec) networking security hooks.
  82          If enabled, a security module can use these hooks to
  83          implement per-packet access controls based on labels
  84          derived from IPSec policy.  Non-IPSec communications are
  85          designated as unlabelled, and only sockets authorized
  86          to communicate unlabelled data can send without using
  87          IPSec.
  88          If you are unsure how to answer this question, answer N.
  89
  90config SECURITY_PATH
  91        bool "Security hooks for pathname based access control"
  92        depends on SECURITY
  93        help
  94          This enables the security hooks for pathname based access control.
  95          If enabled, a security module can use these hooks to
  96          implement pathname based access controls.
  97          If you are unsure how to answer this question, answer N.
  98
  99config INTEL_TXT
 100        bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
 101        depends on HAVE_INTEL_TXT
 102        help
 103          This option enables support for booting the kernel with the
 104          Trusted Boot (tboot) module. This will utilize
 105          Intel(R) Trusted Execution Technology to perform a measured launch
 106          of the kernel. If the system does not support Intel(R) TXT, this
 107          will have no effect.
 108
 109          Intel TXT will provide higher assurance of system configuration and
 110          initial state as well as data reset protection.  This is used to
 111          create a robust initial kernel measurement and verification, which
 112          helps to ensure that kernel security mechanisms are functioning
 113          correctly. This level of protection requires a root of trust outside
 114          of the kernel itself.
 115
 116          Intel TXT also helps solve real end user concerns about having
 117          confidence that their hardware is running the VMM or kernel that
 118          it was configured with, especially since they may be responsible for
 119          providing such assurances to VMs and services running on it.
 120
 121          See <http://www.intel.com/technology/security/> for more information
 122          about Intel(R) TXT.
 123          See <http://tboot.sourceforge.net> for more information about tboot.
 124          See Documentation/intel_txt.txt for a description of how to enable
 125          Intel TXT support in a kernel boot.
 126
 127          If you are unsure as to whether this is required, answer N.
 128
 129config LSM_MMAP_MIN_ADDR
 130        int "Low address space for LSM to protect from user allocation"
 131        depends on SECURITY && SECURITY_SELINUX
 132        default 32768 if ARM || (ARM64 && COMPAT)
 133        default 65536
 134        help
  135          This is the portion of low virtual memory which should be protected
  136          from userspace allocation.  Keeping a user from mapping the low pages
  137          can help reduce the impact of kernel NULL pointer dereference bugs,
                which an attacker could otherwise exploit by placing controlled
                data at address zero before triggering the bug.
  138
  139          For most ia64, ppc64 and x86 users with lots of address space
  140          a value of 65536 is reasonable and should cause no problems.
  141          On arm and other archs it should not be higher than 32768.
  142          Programs which use vm86 functionality or have some need to map
  143          this low address space will need the corresponding permission
  144          from the LSM that is active on the system.

                This value is enforced in addition to the vm.mmap_min_addr
                sysctl (CONFIG_DEFAULT_MMAP_MIN_ADDR); the effective limit is
                the larger of the two.
 145
 146config HAVE_HARDENED_USERCOPY_ALLOCATOR
 147        bool
 148        help
 149          The heap allocator implements __check_heap_object() for
 150          validating memory ranges against heap object sizes in
 151          support of CONFIG_HARDENED_USERCOPY.
 152
 153config HARDENED_USERCOPY
 154        bool "Harden memory copies between kernel and userspace"
 155        depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
 156        imply STRICT_DEVMEM
 157        help
 158          This option checks for obviously wrong memory regions when
 159          copying memory to/from the kernel (via copy_to_user() and
 160          copy_from_user() functions) by rejecting memory ranges that
 161          are larger than the specified heap object, span multiple
 162          separately allocated pages, are not on the process stack,
 163          or are part of the kernel text. This kills entire classes
 164          of heap overflow exploits and similar kernel memory exposures.
 165
 166config HARDENED_USERCOPY_FALLBACK
 167        bool "Allow usercopy whitelist violations to fallback to object size"
 168        depends on HARDENED_USERCOPY
 169        default y
 170        help
  171          This is a temporary option that allows missing usercopy whitelists
  172          to be discovered via a WARN() to the kernel log, instead of
  173          rejecting the copy: the check falls back to non-whitelisted
  174          hardened usercopy, which validates against the slab allocation
  175          size instead of the whitelist size.  This option will be removed
  176          once it seems like all missing usercopy whitelists have been
                identified and fixed.
  177          Booting with "slab_common.usercopy_fallback=Y/N" can change
  178          this setting.

                Note that with the default of Y a whitelist violation is only
                logged, not blocked.  For a hardened production kernel answer N
                (or boot with slab_common.usercopy_fallback=N) once the kernel
                log shows no such warnings under your workload.
 179
 180config HARDENED_USERCOPY_PAGESPAN
 181        bool "Refuse to copy allocations that span multiple pages"
 182        depends on HARDENED_USERCOPY
 183        depends on EXPERT
 184        help
 185          When a multi-page allocation is done without __GFP_COMP,
 186          hardened usercopy will reject attempts to copy it. There are,
 187          however, several cases of this in the kernel that have not all
 188          been removed. This config is intended to be used only while
 189          trying to find such users.
 190
 191config FORTIFY_SOURCE
 192        bool "Harden common str/mem functions against buffer overflows"
 193        depends on ARCH_HAS_FORTIFY_SOURCE
 194        help
 195          Detect overflows of buffers in common string and memory functions
 196          where the compiler can determine and validate the buffer sizes.
 197
 198config STATIC_USERMODEHELPER
 199        bool "Force all usermode helper calls through a single binary"
 200        help
 201          By default, the kernel can call many different userspace
 202          binary programs through the "usermode helper" kernel
 203          interface.  Some of these binaries are statically defined
 204          either in the kernel code itself, or as a kernel configuration
 205          option.  However, some of these are dynamically created at
 206          runtime, or can be modified after the kernel has started up.
 207          To provide an additional layer of security, route all of these
 208          calls through a single executable that can not have its name
 209          changed.
 210
  211          Note, it is up to this single binary to then call the relevant
  212          "real" usermode helper binary, based on the first argument
  213          passed to it.  If desired, this program can filter and pick
  214          and choose what real programs are called.

                This only fixes the path the kernel executes; it does not
                protect the file at that path.  The helper is spawned by the
                kernel with root privileges, so the binary and the filesystem
                holding it must themselves be protected from modification (for
                example a read-only or integrity-verified root filesystem), or
                anyone who can replace it gains everything this option is meant
                to limit.
  215
  216          If you wish for all usermode helper programs to be disabled,
  217          choose this option and then set STATIC_USERMODEHELPER_PATH to
  218          an empty string.
 219
 220config STATIC_USERMODEHELPER_PATH
 221        string "Path to the static usermode helper binary"
 222        depends on STATIC_USERMODEHELPER
 223        default "/sbin/usermode-helper"
 224        help
  225          The binary called by the kernel when any usermode helper
  226          program is to be run.  The "real" application's name will
  227          be in the first argument passed to this program on the command
  228          line.
 229
 230          If you wish for all usermode helper programs to be disabled,
 231          specify an empty string here (i.e. "").
 232
 233source security/selinux/Kconfig
 234source security/smack/Kconfig
 235source security/tomoyo/Kconfig
 236source security/apparmor/Kconfig
 237source security/loadpin/Kconfig
 238source security/yama/Kconfig
 239
 240source security/integrity/Kconfig
 241
 242choice
 243        prompt "Default security module"
 244        default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
 245        default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
 246        default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
 247        default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
 248        default DEFAULT_SECURITY_DAC
 249
 250        help
  251          Select the security module that will be used by default if the
  252          kernel parameter security= is not specified.  This choice only
                covers the modules listed below; "Unix Discretionary Access
                Controls" means none of them is enabled unless security= names
                one at boot.  Modules that are not part of this choice (such as
                Yama or LoadPin) are not governed by it.
 253
 254        config DEFAULT_SECURITY_SELINUX
 255                bool "SELinux" if SECURITY_SELINUX=y
 256
 257        config DEFAULT_SECURITY_SMACK
 258                bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
 259
 260        config DEFAULT_SECURITY_TOMOYO
 261                bool "TOMOYO" if SECURITY_TOMOYO=y
 262
 263        config DEFAULT_SECURITY_APPARMOR
 264                bool "AppArmor" if SECURITY_APPARMOR=y
 265
 266        config DEFAULT_SECURITY_DAC
 267                bool "Unix Discretionary Access Controls"
 268
 269endchoice
 270
 271config DEFAULT_SECURITY
 272        string
 273        default "selinux" if DEFAULT_SECURITY_SELINUX
 274        default "smack" if DEFAULT_SECURITY_SMACK
 275        default "tomoyo" if DEFAULT_SECURITY_TOMOYO
 276        default "apparmor" if DEFAULT_SECURITY_APPARMOR
 277        default "" if DEFAULT_SECURITY_DAC
 278
 279endmenu
 280
 281