Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) config SECURITY_LOCKDOWN_LSM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) 	bool "Basic module for enforcing kernel lockdown"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3) 	depends on SECURITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4) 	select MODULE_SIG if MODULES
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6) 	  Build support for an LSM that enforces a coarse kernel lockdown
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) 	  behaviour.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) config SECURITY_LOCKDOWN_LSM_EARLY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) 	bool "Enable lockdown LSM early in init"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) 	depends on SECURITY_LOCKDOWN_LSM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) 	  Enable the lockdown LSM early in boot. This is necessary in order
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) 	  to ensure that lockdown enforcement can be carried out on kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 	  boot parameters that are otherwise parsed before the security
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) 	  subsystem is fully initialised. If enabled, lockdown will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 	  unconditionally be called before any other LSMs.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) choice
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 	prompt "Kernel default lockdown mode"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) 	default LOCK_DOWN_KERNEL_FORCE_NONE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) 	depends on SECURITY_LOCKDOWN_LSM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) 	  The kernel can be configured to default to differing levels of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) 	  lockdown.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) config LOCK_DOWN_KERNEL_FORCE_NONE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 	bool "None"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) 	  No lockdown functionality is enabled by default. Lockdown may be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) 	  enabled via the kernel commandline or /sys/kernel/security/lockdown.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) config LOCK_DOWN_KERNEL_FORCE_INTEGRITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) 	bool "Integrity"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) 	 The kernel runs in integrity mode by default. Features that allow
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) 	 the kernel to be modified at runtime are disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 	bool "Confidentiality"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) 	 The kernel runs in confidentiality mode by default. Features that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 	 allow the kernel to be modified at runtime or that permit userland
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) 	 code to read confidential material held inside the kernel are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 	 disabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) endchoice
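
Added example, not part of this repository: a POSIX shell audit of the options above. It reads the compiled-in default from kernel .config text and the active mode from the text of /sys/kernel/security/lockdown, where the kernel marks the current level with square brackets. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the repository: audit kernel lockdown settings.

# True when option $2 is set to y in the .config text $1.
cfg_has() { printf '%s\n' "$1" | grep -qx "CONFIG_$2=y"; }

# Compiled-in default from .config text on stdin:
# prints disabled, none, integrity or confidentiality.
lockdown_config_default() {
    cfg=$(cat)
    cfg_has "$cfg" SECURITY_LOCKDOWN_LSM || { echo disabled; return 0; }
    if cfg_has "$cfg" LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY; then
        echo confidentiality
    elif cfg_has "$cfg" LOCK_DOWN_KERNEL_FORCE_INTEGRITY; then
        echo integrity
    else
        echo none
    fi
}

# Active mode from the text of /sys/kernel/security/lockdown,
# e.g. "none [integrity] confidentiality" gives "integrity".
lockdown_active_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# Strictness rank of a mode name; fails on an unknown name.
lockdown_rank() {
    case $1 in
        none) echo 0 ;; integrity) echo 1 ;; confidentiality) echo 2 ;;
        *) return 1 ;;
    esac
}

# Succeeds when active mode $1 is at least as strict as required mode $2.
lockdown_at_least() {
    have=$(lockdown_rank "$1") && want=$(lockdown_rank "$2") || return 2
    [ "$have" -ge "$want" ]
}

# Constructed sample inputs (not taken from a real board).
SAMPLE_CONFIG='CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y'
SAMPLE_SYSFS='none [integrity] confidentiality'

default=$(printf '%s\n' "$SAMPLE_CONFIG" | lockdown_config_default)
active=$(lockdown_active_mode "$SAMPLE_SYSFS")
echo "compiled default: $default, active: $active"
lockdown_at_least "$active" integrity && echo "policy met: integrity or stricter"
```

On a running system, pass the real inputs instead: `lockdown_active_mode "$(cat /sys/kernel/security/lockdown)"` and the build's .config on stdin of `lockdown_config_default`.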