Commit | Line | Data |
---|---|---|
1da177e4 LT | 1 | # |
1da177e4 LT | 2 | # Security configuration |
1da177e4 LT | 3 | # |
1da177e4 LT | 4 | |
1da177e4 LT | 5 | menu "Security options" |
1da177e4 LT | 6 | |
1da177e4 LT | 7 | config KEYS |
1da177e4 LT | 8 | bool "Enable access key retention support" |
1da177e4 LT | 9 | help |
1da177e4 LT | 10 | This option provides support for retaining authentication tokens and |
1da177e4 LT | 11 | access keys in the kernel. |
1da177e4 LT | 12 | |
1da177e4 LT | 13 | It also includes provision of methods by which such keys might be |
1da177e4 LT | 14 | associated with a process so that network filesystems, encryption |
1da177e4 LT | 15 | support and the like can find them. |
1da177e4 LT | 16 | |
1da177e4 LT | 17 | Furthermore, a special type of key is available that acts as keyring: |
1da177e4 LT | 18 | a searchable sequence of keys. Each process is equipped with access |
1da177e4 LT | 19 | to five standard keyrings: UID-specific, GID-specific, session, |
1da177e4 LT | 20 | process and thread. |
1da177e4 LT | 21 | |
1da177e4 LT | 22 | If you are unsure as to whether this is required, answer N. |
1da177e4 LT | 23 | |
1da177e4 LT | 24 | config KEYS_DEBUG_PROC_KEYS |
1da177e4 LT | 25 | bool "Enable the /proc/keys file by which all keys may be viewed" |
1da177e4 LT | 26 | depends on KEYS |
1da177e4 LT | 27 | help |
1da177e4 LT | 28 | This option turns on support for the /proc/keys file through which |
1da177e4 LT | 29 | all the keys on the system can be listed. |
1da177e4 LT | 30 | |
1da177e4 LT | 31 | This option is a slight security risk in that it makes it possible |
1da177e4 LT | 32 | for anyone to see all the keys on the system. Normally the manager |
1da177e4 LT | 33 | pretends keys that are inaccessible to a process don't exist as far |
1da177e4 LT | 34 | as that process is concerned. |
1da177e4 LT | 35 | |
1da177e4 LT | 36 | config SECURITY |
1da177e4 LT | 37 | bool "Enable different security models" |
2c40579b | 38 | depends on SYSFS |
1da177e4 LT | 39 | help |
1da177e4 LT | 40 | This allows you to choose different security modules to be |
1da177e4 LT | 41 | configured into your kernel. |
1da177e4 LT | 42 | |
1da177e4 LT | 43 | If this option is not selected, the default Linux security |
1da177e4 LT | 44 | model will be used. |
1da177e4 LT | 45 | |
1da177e4 LT | 46 | If you are unsure how to answer this question, answer N. |
1da177e4 LT | 47 | |
1da177e4 LT | 48 | config SECURITY_NETWORK |
1da177e4 LT | 49 | bool "Socket and Networking Security Hooks" |
1da177e4 LT | 50 | depends on SECURITY |
1da177e4 LT | 51 | help |
1da177e4 LT | 52 | This enables the socket and networking security hooks. |
1da177e4 LT | 53 | If enabled, a security module can use these hooks to |
1da177e4 LT | 54 | implement socket and networking access controls. |
1da177e4 LT | 55 | If you are unsure how to answer this question, answer N. |
1da177e4 LT | 56 | |
1da177e4 LT | 57 | config SECURITY_CAPABILITIES |
1da177e4 LT | 58 | tristate "Default Linux Capabilities" |
1da177e4 LT | 59 | depends on SECURITY |
1da177e4 LT | 60 | help |
1da177e4 LT | 61 | This enables the "default" Linux capabilities functionality. |
1da177e4 LT | 62 | If you are unsure how to answer this question, answer Y. |
1da177e4 LT | 63 | |
1da177e4 LT | 64 | config SECURITY_ROOTPLUG |
1da177e4 LT | 65 | tristate "Root Plug Support" |
1da177e4 LT | 66 | depends on USB && SECURITY |
1da177e4 LT | 67 | help |
1da177e4 LT | 68 | This is a sample LSM module that should only be used as such. |
1da177e4 LT | 69 | It prevents any programs running with egid == 0 if a specific |
1da177e4 LT | 70 | USB device is not present in the system. |
1da177e4 LT | 71 | |
1da177e4 LT | 72 | See <http://www.linuxjournal.com/article.php?sid=6279> for |
1da177e4 LT | 73 | more information about this module. |
1da177e4 LT | 74 | |
1da177e4 LT | 75 | If you are unsure how to answer this question, answer N. |
1da177e4 LT | 76 | |
1da177e4 LT | 77 | config SECURITY_SECLVL |
1da177e4 LT | 78 | tristate "BSD Secure Levels" |
1da177e4 LT | 79 | depends on SECURITY |
1da177e4 LT | 80 | select CRYPTO |
1da177e4 LT | 81 | select CRYPTO_SHA1 |
1da177e4 LT | 82 | help |
1da177e4 LT | 83 | Implements BSD Secure Levels as an LSM. See |
1da177e4 LT | 84 | <file:Documentation/seclvl.txt> for instructions on how to use this |
1da177e4 LT | 85 | module. |
1da177e4 LT | 86 | |
1da177e4 LT | 87 | If you are unsure how to answer this question, answer N. |
1da177e4 LT | 88 | |
1da177e4 LT | 89 | source security/selinux/Kconfig |
1da177e4 LT | 90 | |
1da177e4 LT | 91 | endmenu |
1da177e4 LT | 92 | |
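
Added example, not part of the kernel source listed above: a short Python audit that reads the `depends on` and `select` lines of three entries from this Kconfig and reports where a hand-edited `.config` enables a security option without what it requires. The function names, the sample `.config` and the restriction to `&&`-only dependency expressions are assumptions of this example.

```python
import re

KCONFIG = """
config SECURITY_NETWORK
    bool "Socket and Networking Security Hooks"
    depends on SECURITY
config SECURITY_ROOTPLUG
    tristate "Root Plug Support"
    depends on USB && SECURITY
config SECURITY_SECLVL
    tristate "BSD Secure Levels"
    depends on SECURITY
    select CRYPTO
    select CRYPTO_SHA1
"""  # constructed excerpt of the listing above, help text omitted
DOTCONFIG = """
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_USB is not set
CONFIG_SECURITY_ROOTPLUG=m
CONFIG_SECURITY_SECLVL=m
CONFIG_CRYPTO=y
"""  # constructed, hand-edited .config fragment to audit

def parse_kconfig(text):
    """Return {symbol: {"depends": [...], "select": [...]}}; only '&&' is handled."""
    entries, cur = {}, None
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            cur = entries[tok[1]] = {"depends": [], "select": []}
        elif cur and tok[:2] == ["depends", "on"]:
            cur["depends"] += [t for t in tok[2:] if t != "&&"]
        elif cur and tok[0] == "select":
            cur["select"].append(tok[1])
    return entries

def audit(kconfig, dotconfig):
    """List enabled symbols whose depends/select requirements are not enabled."""
    # Only =y / =m count as enabled; "# CONFIG_X is not set" lines do not match.
    on = dict(re.findall(r"^CONFIG_(\w+)=([ym])$", dotconfig, re.M))
    out = []
    for sym, e in parse_kconfig(kconfig).items():
        if sym in on:
            out += [f"{sym} depends on {d}, which is off" for d in e["depends"] if d not in on]
            out += [f"{sym} selects {s}, which is off" for s in e["select"] if s not in on]
    return out

if __name__ == "__main__":
    print("\n".join(audit(KCONFIG, DOTCONFIG)))
```

A finding means the file was not normalized by the kernel's own configuration tools, so the listed option may not be in effect in the kernel that is actually built.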