2019-05-19 12:07:45 +00:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
2009-02-05 08:18:17 +00:00
|
|
|
config SECURITY_TOMOYO
|
|
|
|
bool "TOMOYO Linux Support"
|
|
|
|
depends on SECURITY
|
2011-09-10 06:23:54 +00:00
|
|
|
depends on NET
|
2009-02-05 08:18:17 +00:00
|
|
|
select SECURITYFS
|
|
|
|
select SECURITY_PATH
|
2011-09-10 06:23:54 +00:00
|
|
|
select SECURITY_NETWORK
|
2009-02-05 08:18:17 +00:00
|
|
|
default n
|
|
|
|
help
|
|
|
|
This selects TOMOYO Linux, pathname-based access control.
|
|
|
|
Required userspace tools and further information may be
|
2024-06-03 13:43:11 +00:00
|
|
|
found at <https://tomoyo.sourceforge.net/>.
|
2009-02-05 08:18:17 +00:00
|
|
|
If you are unsure how to answer this question, answer N.
|
2011-06-26 14:22:59 +00:00
|
|
|
|
|
|
|
config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
|
|
|
|
int "Default maximal count for learning mode"
|
|
|
|
default 2048
|
|
|
|
range 0 2147483647
|
|
|
|
depends on SECURITY_TOMOYO
|
|
|
|
help
|
|
|
|
This is the default value for maximal ACL entries
|
|
|
|
that are automatically appended into policy at "learning mode".
|
|
|
|
Some programs access thousands of objects, so running
|
|
|
|
such programs in "learning mode" dulls the system response
|
|
|
|
and consumes much memory.
|
|
|
|
This is the safeguard for such programs.
|
|
|
|
|
|
|
|
config SECURITY_TOMOYO_MAX_AUDIT_LOG
|
|
|
|
int "Default maximal count for audit log"
|
|
|
|
default 1024
|
|
|
|
range 0 2147483647
|
|
|
|
depends on SECURITY_TOMOYO
|
|
|
|
help
|
|
|
|
This is the default value for maximal entries for
|
|
|
|
audit logs that the kernel can hold on memory.
|
|
|
|
You can read the log via /sys/kernel/security/tomoyo/audit.
|
|
|
|
If you don't need audit logs, you may set this value to 0.
|
|
|
|
|
|
|
|
config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
|
|
|
|
bool "Activate without calling userspace policy loader."
|
|
|
|
default n
|
|
|
|
depends on SECURITY_TOMOYO
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2011-06-26 14:22:59 +00:00
|
|
|
Say Y here if you want to activate access control as soon as built-in
|
|
|
|
policy was loaded. This option will be useful for systems where
|
|
|
|
operations which can lead to the hijacking of the boot sequence are
|
|
|
|
needed before loading the policy. For example, you can activate
|
|
|
|
immediately after loading the fixed part of policy which will allow
|
|
|
|
only operations needed for mounting a partition which contains the
|
|
|
|
variant part of policy and verifying (e.g. running GPG check) and
|
|
|
|
loading the variant part of policy. Since you can start using
|
|
|
|
enforcing mode from the beginning, you can reduce the possibility of
|
|
|
|
hijacking the boot sequence.
|
|
|
|
|
|
|
|
config SECURITY_TOMOYO_POLICY_LOADER
|
|
|
|
string "Location of userspace policy loader"
|
|
|
|
default "/sbin/tomoyo-init"
|
|
|
|
depends on SECURITY_TOMOYO
|
|
|
|
depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2011-06-26 14:22:59 +00:00
|
|
|
This is the default pathname of policy loader which is called before
|
|
|
|
activation. You can override this setting via TOMOYO_loader= kernel
|
|
|
|
command line option.
|
|
|
|
|
|
|
|
config SECURITY_TOMOYO_ACTIVATION_TRIGGER
|
|
|
|
string "Trigger for calling userspace policy loader"
|
|
|
|
default "/sbin/init"
|
|
|
|
depends on SECURITY_TOMOYO
|
|
|
|
depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2011-06-26 14:22:59 +00:00
|
|
|
This is the default pathname of activation trigger.
|
|
|
|
You can override this setting via TOMOYO_trigger= kernel command line
|
|
|
|
option. For example, if you pass init=/bin/systemd option, you may
|
|
|
|
want to also pass TOMOYO_trigger=/bin/systemd option.
|
2019-04-12 11:04:54 +00:00
|
|
|
|
|
|
|
config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
|
|
|
|
bool "Use insecure built-in settings for fuzzing tests."
|
|
|
|
default n
|
|
|
|
depends on SECURITY_TOMOYO
|
|
|
|
select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
|
|
|
|
help
|
|
|
|
Enabling this option forces minimal built-in policy and disables
|
|
|
|
domain/program checks for run-time policy modifications. Please enable
|
|
|
|
this option only if this kernel is built for doing fuzzing tests.
|