^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) # SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) config SECURITY_SMACK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) 	bool "Simplified Mandatory Access Control Kernel Support"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) 	depends on NET
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) 	depends on INET
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) 	depends on SECURITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) 	select NETLABEL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) 	select SECURITY_NETWORK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) 	default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) 	  This selects the Simplified Mandatory Access Control Kernel.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 	  Smack is useful for sensitivity, integrity, and a variety
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) 	  of other mandatory security schemes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) 	  If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) config SECURITY_SMACK_BRINGUP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 	bool "Reporting on access granted by Smack rules"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 	depends on SECURITY_SMACK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) 	default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) 	  Enable the bring-up ("b") access mode in Smack rules.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) 	  When access is granted by a rule with the "b" mode a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 	  message about the access requested is generated. The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) 	  intention is that a process can be granted a wide set
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) 	  of access initially with the bringup mode set on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 	  rules. The developer can use the information to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 	  identify which rules are necessary and what accesses
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 	  may be inappropriate. The developer can reduce the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) 	  access rule set once the behavior is well understood.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) 	  This is a superior mechanism to the oft abused
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) 	  "permissive" mode of other systems.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) 	  If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) config SECURITY_SMACK_NETFILTER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) 	bool "Packet marking using secmarks for netfilter"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) 	depends on SECURITY_SMACK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) 	depends on NETWORK_SECMARK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 	depends on NETFILTER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) 	default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) 	  This enables security marking of network packets using
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) 	  Smack labels.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 	  If you are unsure how to answer this question, answer N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) config SECURITY_SMACK_APPEND_SIGNALS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) 	bool "Treat delivering signals as an append operation"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) 	depends on SECURITY_SMACK
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) 	default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) 	  Sending a signal has been treated as a write operation to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) 	  receiving process. If this option is selected, the delivery
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) 	  will be an append operation instead. This makes it possible
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) 	  to differentiate between delivering a network packet and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) 	  delivering a signal in the Smack rules.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) 	  If you are unsure how to answer this question, answer N.
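
The bring-up workflow described in the SECURITY_SMACK_BRINGUP help text, as an added example that is not part of this Kconfig file or the kernel tree: it takes rules carrying the "b" mode plus the accesses seen during bring-up and proposes the reduced rule set. The "subject object access" rule layout follows the Smack documentation; the rule set and observation records are constructed, the records use an assumed simplified form rather than the kernel's message format, and all function names are hypothetical.

```python
# Added example: tighten Smack bring-up ("b") rules to the accesses observed.
MODES = "rwxatl"  # access letters, in output order; "b" is the bring-up flag

# Constructed sample rule set in "subject object access" form.
RULES = [
    "App Data rwxab",
    "App Logs rwab",
    "App System rxb",
    "Daemon Data r",
]
# Constructed observations (subject, object, requested access); assumed
# simplified records, not the kernel's actual message format.
OBSERVED = [("App", "Data", "r"), ("App", "Data", "w"), ("App", "Logs", "a")]

def parse_rule(line):
    """Split one rule into (subject, object, set of access letters)."""
    subject, obj, access = line.split()
    modes = set(access.lower()) - {"-"}
    unknown = modes - set(MODES + "b")
    if unknown:
        raise ValueError(f"unknown access mode {sorted(unknown)} in {line!r}")
    return subject, obj, modes

def fmt(modes):
    """Render a set of access letters in canonical order ("-" if empty)."""
    return "".join(m for m in MODES if m in modes) or "-"

def reduce_rules(rule_lines, observed):
    """Return (tightened, unused): rules without "b", and bring-up rules never hit."""
    seen = {}
    for subject, obj, access in observed:
        seen.setdefault((subject, obj), set()).update(access.lower())
    tightened, unused = [], []
    for line in filter(None, map(str.strip, rule_lines)):
        subject, obj, modes = parse_rule(line)
        if "b" not in modes:                 # already a final rule: keep as is
            tightened.append(f"{subject} {obj} {fmt(modes)}")
            continue
        used = (modes - {"b"}) & seen.get((subject, obj), set())
        if used:                             # keep only what was exercised
            tightened.append(f"{subject} {obj} {fmt(used)}")
        else:                                # candidate for removal after review
            unused.append(line)
    return tightened, unused

if __name__ == "__main__":
    kept, dropped = reduce_rules(RULES, OBSERVED)
    print("\n".join(kept))
    print("never exercised:", dropped)
```

The output is a proposal for review: a bring-up rule that was never exercised may simply not have been reached by the test run.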