1 files changed, 29 insertions, 0 deletions
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index a90d6d300dbd..a4f3f8c48d6e 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -4,6 +4,7 @@
 config KEYS
        bool "Enable access key retention support"
+        select ASSOCIATIVE_ARRAY
        help
          This option provides support for retaining authentication tokens and
          access keys in the kernel.
@@ -19,6 +20,34 @@ config KEYS
          If you are unsure as to whether this is required, answer N.
+config PERSISTENT_KEYRINGS
+        bool "Enable register of persistent per-UID keyrings"
+        depends on KEYS
+        help
+          This option provides a register of persistent per-UID keyrings,
+          primarily aimed at Kerberos key storage.  The keyrings are persistent
+          in the sense that they stay around after all processes of that UID
+          have exited, not that they survive the machine being rebooted.
+          A particular keyring may be accessed by either the user whose keyring
+          it is or by a process with administrative privileges.  The active
+          LSMs gets to rule on which admin-level processes get to access the
+          cache.
+          Keyrings are created and added into the register upon demand and get
+          removed if they expire (a default timeout is set upon creation).
+config BIG_KEYS
+        bool "Large payload keys"
+        depends on KEYS
+        depends on TMPFS
+        help
+          This option provides support for holding large keys within the kernel
+          (for example Kerberos ticket caches).  The data may be stored out to
+          swapspace by tmpfs.
+          If you are unsure as to whether this is required, answer N.
 config TRUSTED_KEYS
        tristate "TRUSTED KEYS"
        depends on KEYS && TCG_TPM

diff --git a/security/keys/Kconfig b/security/keys/Kconfig index a90d6d300dbd..a4f3f8c48d6e 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig
@@ -4,6 +4,7 @@
4		4
5	config KEYS	5	config KEYS
6	bool "Enable access key retention support"	6	bool "Enable access key retention support"
		7	select ASSOCIATIVE_ARRAY
7	help	8	help
8	This option provides support for retaining authentication tokens and	9	This option provides support for retaining authentication tokens and
9	access keys in the kernel.	10	access keys in the kernel.
@@ -19,6 +20,34 @@ config KEYS
19		20
20	If you are unsure as to whether this is required, answer N.	21	If you are unsure as to whether this is required, answer N.
21		22
		23	config PERSISTENT_KEYRINGS
		24	bool "Enable register of persistent per-UID keyrings"
		25	depends on KEYS
		26	help
		27	This option provides a register of persistent per-UID keyrings,
		28	primarily aimed at Kerberos key storage. The keyrings are persistent
		29	in the sense that they stay around after all processes of that UID
		30	have exited, not that they survive the machine being rebooted.
		31
		32	A particular keyring may be accessed by either the user whose keyring
		33	it is or by a process with administrative privileges. The active
		34	LSMs gets to rule on which admin-level processes get to access the
		35	cache.
		36
		37	Keyrings are created and added into the register upon demand and get
		38	removed if they expire (a default timeout is set upon creation).
		39
		40	config BIG_KEYS
		41	bool "Large payload keys"
		42	depends on KEYS
		43	depends on TMPFS
		44	help
		45	This option provides support for holding large keys within the kernel
		46	(for example Kerberos ticket caches). The data may be stored out to
		47	swapspace by tmpfs.
		48
		49	If you are unsure as to whether this is required, answer N.
		50
22	config TRUSTED_KEYS	51	config TRUSTED_KEYS
23	tristate "TRUSTED KEYS"	52	tristate "TRUSTED KEYS"
24	depends on KEYS && TCG_TPM	53	depends on KEYS && TCG_TPM