^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) # SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) # Security configuration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) menu "Security options"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) source "security/keys/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) config SECURITY_DMESG_RESTRICT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) bool "Restrict unprivileged access to the kernel syslog"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) This enforces restrictions on unprivileged users reading the kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) syslog via dmesg(8).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) If this option is not selected, no restrictions will be enforced
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) unless the dmesg_restrict sysctl is explicitly set to (1).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) config SECURITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) bool "Enable different security models"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) depends on SYSFS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) depends on MULTIUSER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) This allows you to choose different security modules to be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) configured into your kernel.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) If this option is not selected, the default Linux security
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) model will be used.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) config SECURITY_WRITABLE_HOOKS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) depends on SECURITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) config SECURITYFS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) bool "Enable the securityfs filesystem"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) This will build the securityfs filesystem. It is currently used by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) config SECURITY_NETWORK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) bool "Socket and Networking Security Hooks"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) depends on SECURITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) This enables the socket and networking security hooks.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) If enabled, a security module can use these hooks to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) implement socket and networking access controls.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) config PAGE_TABLE_ISOLATION
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) bool "Remove the kernel mapping in user mode"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) depends on (X86_64 || X86_PAE) && !UML
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) This feature reduces the number of hardware side channels by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) ensuring that the majority of kernel addresses are not mapped
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) into userspace.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) See Documentation/x86/pti.rst for more details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) config SECURITY_INFINIBAND
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) bool "Infiniband Security Hooks"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) depends on SECURITY && INFINIBAND
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) This enables the Infiniband security hooks.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) If enabled, a security module can use these hooks to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) implement Infiniband access controls.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) config SECURITY_NETWORK_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) bool "XFRM (IPSec) Networking Security Hooks"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) depends on XFRM && SECURITY_NETWORK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) This enables the XFRM (IPSec) networking security hooks.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) If enabled, a security module can use these hooks to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) implement per-packet access controls based on labels
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) derived from IPSec policy. Non-IPSec communications are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) designated as unlabelled, and only sockets authorized
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) to communicate unlabelled data can send without using
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) IPSec.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) config SECURITY_PATH
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) bool "Security hooks for pathname based access control"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) depends on SECURITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) This enables the security hooks for pathname based access control.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) If enabled, a security module can use these hooks to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) implement pathname based access controls.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) config INTEL_TXT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) depends on HAVE_INTEL_TXT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) This option enables support for booting the kernel with the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) Trusted Boot (tboot) module. This will utilize
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) Intel(R) Trusted Execution Technology to perform a measured launch
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) of the kernel. If the system does not support Intel(R) TXT, this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) will have no effect.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) Intel TXT will provide higher assurance of system configuration and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) initial state as well as data reset protection. This is used to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) create a robust initial kernel measurement and verification, which
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) helps to ensure that kernel security mechanisms are functioning
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) correctly. This level of protection requires a root of trust outside
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) of the kernel itself.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) Intel TXT also helps solve real end user concerns about having
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) confidence that their hardware is running the VMM or kernel that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) it was configured with, especially since they may be responsible for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) providing such assurances to VMs and services running on it.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) See <https://www.intel.com/technology/security/> for more information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) about Intel(R) TXT.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) See <http://tboot.sourceforge.net> for more information about tboot.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) See Documentation/x86/intel_txt.rst for a description of how to enable
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) Intel TXT support in a kernel boot.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) If you are unsure as to whether this is required, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) config LSM_MMAP_MIN_ADDR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) int "Low address space for LSM to protect from user allocation"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) depends on SECURITY && SECURITY_SELINUX
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) default 32768 if ARM || (ARM64 && COMPAT)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) default 65536
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) This is the portion of low virtual memory which should be protected
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) from userspace allocation. Keeping a user from writing to low pages
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) can help reduce the impact of kernel NULL pointer bugs.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) For most ia64, ppc64 and x86 users with lots of address space
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) a value of 65536 is reasonable and should cause no problems.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) On arm and other archs it should not be higher than 32768.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) Programs which use vm86 functionality or have some need to map
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) this low address space will need the permission specific to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) systems running LSM.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) config HAVE_HARDENED_USERCOPY_ALLOCATOR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) The heap allocator implements __check_heap_object() for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) validating memory ranges against heap object sizes in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) support of CONFIG_HARDENED_USERCOPY.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) config HARDENED_USERCOPY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) bool "Harden memory copies between kernel and userspace"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) imply STRICT_DEVMEM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) This option checks for obviously wrong memory regions when
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) copying memory to/from the kernel (via copy_to_user() and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) copy_from_user() functions) by rejecting memory ranges that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) are larger than the specified heap object, span multiple
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) separately allocated pages, are not on the process stack,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) or are part of the kernel text. This kills entire classes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) of heap overflow exploits and similar kernel memory exposures.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) config HARDENED_USERCOPY_FALLBACK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) bool "Allow usercopy whitelist violations to fallback to object size"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) depends on HARDENED_USERCOPY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) default y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) This is a temporary option that allows missing usercopy whitelists
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) to be discovered via a WARN() to the kernel log, instead of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) rejecting the copy, falling back to non-whitelisted hardened
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) usercopy that checks the slab allocation size instead of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) whitelist size. This option will be removed once it seems like
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) all missing usercopy whitelists have been identified and fixed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) Booting with "slab_common.usercopy_fallback=Y/N" can change
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) this setting.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) config HARDENED_USERCOPY_PAGESPAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) bool "Refuse to copy allocations that span multiple pages"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) depends on HARDENED_USERCOPY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) depends on EXPERT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) When a multi-page allocation is done without __GFP_COMP,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) hardened usercopy will reject attempts to copy it. There are,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) however, several cases of this in the kernel that have not all
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) been removed. This config is intended to be used only while
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) trying to find such users.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) config FORTIFY_SOURCE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) bool "Harden common str/mem functions against buffer overflows"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) depends on ARCH_HAS_FORTIFY_SOURCE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) # https://bugs.llvm.org/show_bug.cgi?id=50322
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) # https://bugs.llvm.org/show_bug.cgi?id=41459
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) depends on !CC_IS_CLANG
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) Detect overflows of buffers in common string and memory functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) where the compiler can determine and validate the buffer sizes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) config STATIC_USERMODEHELPER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) bool "Force all usermode helper calls through a single binary"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) By default, the kernel can call many different userspace
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) binary programs through the "usermode helper" kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) interface. Some of these binaries are statically defined
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) either in the kernel code itself, or as a kernel configuration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) option. However, some of these are dynamically created at
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) runtime, or can be modified after the kernel has started up.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) To provide an additional layer of security, route all of these
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) calls through a single executable that can not have its name
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) changed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) Note, it is up to this single binary to then call the relevant
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) "real" usermode helper binary, based on the first argument
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) passed to it. If desired, this program can filter and pick
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) and choose what real programs are called.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) If you wish for all usermode helper programs to be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) disabled, choose this option and then set
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) STATIC_USERMODEHELPER_PATH to an empty string.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) config STATIC_USERMODEHELPER_PATH
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) string "Path to the static usermode helper binary"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) depends on STATIC_USERMODEHELPER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) default "/sbin/usermode-helper"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) The binary called by the kernel when any usermode helper
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) program is to be run. The "real" application's name will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) be in the first argument passed to this program on the command
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) line.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) If you wish for all usermode helper programs to be disabled,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) specify an empty string here (i.e. "").
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) source "security/selinux/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) source "security/smack/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) source "security/tomoyo/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) source "security/apparmor/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) source "security/loadpin/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) source "security/yama/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) source "security/safesetid/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) source "security/lockdown/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) source "security/integrity/Kconfig"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) choice
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) prompt "First legacy 'major LSM' to be initialized"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) default DEFAULT_SECURITY_DAC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) This choice is there only for converting CONFIG_DEFAULT_SECURITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) in old kernel configs to CONFIG_LSM in new kernel configs. Don't
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) change this choice unless you are creating a fresh kernel config,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) for this choice will be ignored after CONFIG_LSM has been set.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) Selects the legacy "major security module" that will be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) initialized first. Overridden by non-default CONFIG_LSM.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) config DEFAULT_SECURITY_SELINUX
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) bool "SELinux" if SECURITY_SELINUX=y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) config DEFAULT_SECURITY_SMACK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) config DEFAULT_SECURITY_TOMOYO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) bool "TOMOYO" if SECURITY_TOMOYO=y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) config DEFAULT_SECURITY_APPARMOR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) bool "AppArmor" if SECURITY_APPARMOR=y
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) config DEFAULT_SECURITY_DAC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) bool "Unix Discretionary Access Controls"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) endchoice
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) config LSM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) string "Ordered list of enabled LSMs"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) default "lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) A comma-separated list of LSMs, in initialization order.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) Any LSMs left off this list will be ignored. This can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) controlled at boot with the "lsm=" parameter.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) If unsure, leave this as the default.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) source "security/Kconfig.hardening"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) endmenu
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298)
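
The STATIC_USERMODEHELPER help text above says the single binary receives the "real" helper's name and may filter which programs are called. The following is an added example of such a dispatcher, not code from the kernel tree: it refuses anything outside an allowlist and checks the opened file before executing it. The allowlist entries are constructed, and it assumes the kernel passes the original argv unchanged so that argv[0] names the requested helper.

```c
/* Added example: allowlisting dispatcher to install at
 * CONFIG_STATIC_USERMODEHELPER_PATH (default /sbin/usermode-helper).
 * Assumption: the kernel passes the original argv unchanged, so argv[0]
 * names the "real" helper it wanted to run. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <sys/stat.h>
#include <syslog.h>
#include <unistd.h>

extern char **environ;

/* Constructed allowlist; list only helpers this system really needs. */
static const char *const allowed_helpers[] = {
    "/sbin/modprobe",
    "/sbin/request-key",
    NULL
};

/* Exact string match only: no prefix matching, no relative names, so
 * "/sbin/modprobe.bak" and "/sbin/../tmp/modprobe" are both refused. */
int helper_allowed(const char *path)
{
    size_t i;

    if (path == NULL || path[0] != '/')
        return 0;
    for (i = 0; allowed_helpers[i] != NULL; i++)
        if (strcmp(path, allowed_helpers[i]) == 0)
            return 1;
    return 0;
}

/* Open the helper and check the opened file itself (not the path again):
 * regular file, owned by root, not writable by group or others.
 * Returns a file descriptor, or -1 if the file is missing or untrusted. */
int open_trusted_helper(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != 0 ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *target = (argc > 0) ? argv[0] : NULL;
    int fd;

    openlog("usermode-helper", LOG_PID, LOG_DAEMON);
    if (!helper_allowed(target)) {
        syslog(LOG_WARNING, "denied helper request: %s",
               target ? target : "(none)");
        return 126;
    }
    fd = open_trusted_helper(target);
    if (fd < 0) {
        syslog(LOG_ERR, "helper missing or not root-owned: %s", target);
        return 126;
    }
    fexecve(fd, argv, environ);       /* only returns on failure */
    syslog(LOG_ERR, "fexecve(%s) failed: %m", target);
    return 127;
}
```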