diff options
Diffstat (limited to 'security/Kconfig')
| -rw-r--r-- | security/Kconfig | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/security/Kconfig b/security/Kconfig index fb363cd81cf6..226b9556b25f 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -91,28 +91,6 @@ config SECURITY_PATH | |||
| 91 | implement pathname based access controls. | 91 | implement pathname based access controls. |
| 92 | If you are unsure how to answer this question, answer N. | 92 | If you are unsure how to answer this question, answer N. |
| 93 | 93 | ||
| 94 | config SECURITY_FILE_CAPABILITIES | ||
| 95 | bool "File POSIX Capabilities" | ||
| 96 | default n | ||
| 97 | help | ||
| 98 | This enables filesystem capabilities, allowing you to give | ||
| 99 | binaries a subset of root's powers without using setuid 0. | ||
| 100 | |||
| 101 | If in doubt, answer N. | ||
| 102 | |||
| 103 | config SECURITY_ROOTPLUG | ||
| 104 | bool "Root Plug Support" | ||
| 105 | depends on USB=y && SECURITY | ||
| 106 | help | ||
| 107 | This is a sample LSM module that should only be used as such. | ||
| 108 | It prevents any programs running with egid == 0 if a specific | ||
| 109 | USB device is not present in the system. | ||
| 110 | |||
| 111 | See <http://www.linuxjournal.com/article.php?sid=6279> for | ||
| 112 | more information about this module. | ||
| 113 | |||
| 114 | If you are unsure how to answer this question, answer N. | ||
| 115 | |||
| 116 | config INTEL_TXT | 94 | config INTEL_TXT |
| 117 | bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" | 95 | bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" |
| 118 | depends on HAVE_INTEL_TXT | 96 | depends on HAVE_INTEL_TXT |
| @@ -165,5 +143,37 @@ source security/tomoyo/Kconfig | |||
| 165 | 143 | ||
| 166 | source security/integrity/ima/Kconfig | 144 | source security/integrity/ima/Kconfig |
| 167 | 145 | ||
| 146 | choice | ||
| 147 | prompt "Default security module" | ||
| 148 | default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX | ||
| 149 | default DEFAULT_SECURITY_SMACK if SECURITY_SMACK | ||
| 150 | default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO | ||
| 151 | default DEFAULT_SECURITY_DAC | ||
| 152 | |||
| 153 | help | ||
| 154 | Select the security module that will be used by default if the | ||
| 155 | kernel parameter security= is not specified. | ||
| 156 | |||
| 157 | config DEFAULT_SECURITY_SELINUX | ||
| 158 | bool "SELinux" if SECURITY_SELINUX=y | ||
| 159 | |||
| 160 | config DEFAULT_SECURITY_SMACK | ||
| 161 | bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y | ||
| 162 | |||
| 163 | config DEFAULT_SECURITY_TOMOYO | ||
| 164 | bool "TOMOYO" if SECURITY_TOMOYO=y | ||
| 165 | |||
| 166 | config DEFAULT_SECURITY_DAC | ||
| 167 | bool "Unix Discretionary Access Controls" | ||
| 168 | |||
| 169 | endchoice | ||
| 170 | |||
| 171 | config DEFAULT_SECURITY | ||
| 172 | string | ||
| 173 | default "selinux" if DEFAULT_SECURITY_SELINUX | ||
| 174 | default "smack" if DEFAULT_SECURITY_SMACK | ||
| 175 | default "tomoyo" if DEFAULT_SECURITY_TOMOYO | ||
| 176 | default "" if DEFAULT_SECURITY_DAC | ||
| 177 | |||
| 168 | endmenu | 178 | endmenu |
| 169 | 179 | ||