linux/security/smack/Kconfig
<<
>>
Prefs 
   1# SPDX-License-Identifier: GPL-2.0-only
   2config SECURITY_SMACK
   3        bool "Simplified Mandatory Access Control Kernel Support"
   4        depends on NET
   5        depends on INET
   6        depends on SECURITY
   7        select NETLABEL
   8        select SECURITY_NETWORK
   9        default n
  10        help
  11          This selects the Simplified Mandatory Access Control Kernel.
  12          Smack is useful for sensitivity, integrity, and a variety
  13          of other mandatory security schemes.
  14          If you are unsure how to answer this question, answer N.
  15
  16config SECURITY_SMACK_BRINGUP
  17        bool "Reporting on access granted by Smack rules"
  18        depends on SECURITY_SMACK
  19        default n
  20        help
  21          Enable the bring-up ("b") access mode in Smack rules.
  22          When access is granted by a rule with the "b" mode a
  23          message about the access requested is generated. The
  24          intention is that a process can be granted a wide set
  25          of access initially with the bringup mode set on the
  26          rules. The developer can use the information to
  27          identify which rules are necessary and what accesses
  28          may be inappropriate. The developer can reduce the
  29          access rule set once the behavior is well understood.
  30          This is a superior mechanism to the oft abused
  31          "permissive" mode of other systems.
  32          If you are unsure how to answer this question, answer N.
  33
  34config SECURITY_SMACK_NETFILTER
  35        bool "Packet marking using secmarks for netfilter"
  36        depends on SECURITY_SMACK
  37        depends on NETWORK_SECMARK
  38        depends on NETFILTER
  39        default n
  40        help
  41          This enables security marking of network packets using
  42          Smack labels.
  43          If you are unsure how to answer this question, answer N.
  44
  45config SECURITY_SMACK_APPEND_SIGNALS
  46        bool "Treat delivering signals as an append operation"
  47        depends on SECURITY_SMACK
  48        default n
  49        help
  50          Sending a signal has been treated as a write operation to the
  51          receiving process. If this option is selected, the delivery
  52          will be an append operation instead. This makes it possible
  53          to differentiate between delivering a network packet and
  54          delivering a signal in the Smack rules.
  55          If you are unsure how to answer this question, answer N.
  56
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.