diff options
author | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-16 18:20:36 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-16 18:20:36 -0400 |
commit | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (patch) | |
tree | 0bba044c4ce775e45a88a51686b5d9f90697ea9d /security/Kconfig |
Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!
Diffstat (limited to 'security/Kconfig')
-rw-r--r-- | security/Kconfig | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig new file mode 100644 index 000000000000..dcf04a09185d --- /dev/null +++ b/security/Kconfig | |||
@@ -0,0 +1,91 @@ | |||
1 | # | ||
2 | # Security configuration | ||
3 | # | ||
4 | |||
5 | menu "Security options" | ||
6 | |||
7 | config KEYS | ||
8 | bool "Enable access key retention support" | ||
9 | help | ||
10 | This option provides support for retaining authentication tokens and | ||
11 | access keys in the kernel. | ||
12 | |||
13 | It also includes provision of methods by which such keys might be | ||
14 | associated with a process so that network filesystems, encryption | ||
15 | support and the like can find them. | ||
16 | |||
17 | Furthermore, a special type of key is available that acts as keyring: | ||
18 | a searchable sequence of keys. Each process is equipped with access | ||
19 | to five standard keyrings: UID-specific, GID-specific, session, | ||
20 | process and thread. | ||
21 | |||
22 | If you are unsure as to whether this is required, answer N. | ||
23 | |||
24 | config KEYS_DEBUG_PROC_KEYS | ||
25 | bool "Enable the /proc/keys file by which all keys may be viewed" | ||
26 | depends on KEYS | ||
27 | help | ||
28 | This option turns on support for the /proc/keys file through which | ||
29 | all the keys on the system can be listed. | ||
30 | |||
31 | This option is a slight security risk in that it makes it possible | ||
32 | for anyone to see all the keys on the system. Normally the manager | ||
33 | pretends keys that are inaccessible to a process don't exist as far | ||
34 | as that process is concerned. | ||
35 | |||
36 | config SECURITY | ||
37 | bool "Enable different security models" | ||
38 | help | ||
39 | This allows you to choose different security modules to be | ||
40 | configured into your kernel. | ||
41 | |||
42 | If this option is not selected, the default Linux security | ||
43 | model will be used. | ||
44 | |||
45 | If you are unsure how to answer this question, answer N. | ||
46 | |||
47 | config SECURITY_NETWORK | ||
48 | bool "Socket and Networking Security Hooks" | ||
49 | depends on SECURITY | ||
50 | help | ||
51 | This enables the socket and networking security hooks. | ||
52 | If enabled, a security module can use these hooks to | ||
53 | implement socket and networking access controls. | ||
54 | If you are unsure how to answer this question, answer N. | ||
55 | |||
56 | config SECURITY_CAPABILITIES | ||
57 | tristate "Default Linux Capabilities" | ||
58 | depends on SECURITY | ||
59 | help | ||
60 | This enables the "default" Linux capabilities functionality. | ||
61 | If you are unsure how to answer this question, answer Y. | ||
62 | |||
63 | config SECURITY_ROOTPLUG | ||
64 | tristate "Root Plug Support" | ||
65 | depends on USB && SECURITY | ||
66 | help | ||
67 | This is a sample LSM module that should only be used as such. | ||
68 | It prevents any programs running with egid == 0 if a specific | ||
69 | USB device is not present in the system. | ||
70 | |||
71 | See <http://www.linuxjournal.com/article.php?sid=6279> for | ||
72 | more information about this module. | ||
73 | |||
74 | If you are unsure how to answer this question, answer N. | ||
75 | |||
76 | config SECURITY_SECLVL | ||
77 | tristate "BSD Secure Levels" | ||
78 | depends on SECURITY | ||
79 | select CRYPTO | ||
80 | select CRYPTO_SHA1 | ||
81 | help | ||
82 | Implements BSD Secure Levels as an LSM. See | ||
83 | <file:Documentation/seclvl.txt> for instructions on how to use this | ||
84 | module. | ||
85 | |||
86 | If you are unsure how to answer this question, answer N. | ||
87 | |||
88 | source security/selinux/Kconfig | ||
89 | |||
90 | endmenu | ||
91 | |||