Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

Open Menu /security/smack/Kconfig 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
config CONFIG_SECURITY_SMACK
	bool "Simplified Mandatory Access Control Kernel Support"
	depends on CONFIG_NET
	depends on CONFIG_INET
	depends on CONFIG_SECURITY
	select CONFIG_NETLABEL
	select CONFIG_SECURITY_NETWORK
	default n
	help
	  This selects the Simplified Mandatory Access Control Kernel.
	  Smack is useful for sensitivity, integrity, and a variety
	  of other mandatory security schemes.
	  If you are unsure how to answer this question, answer N.

config CONFIG_SECURITY_SMACK_BRINGUP
	bool "Reporting on access granted by Smack rules"
	depends on CONFIG_SECURITY_SMACK
	default n
	help
	  Enable the bring-up ("b") access mode in Smack rules.
	  When access is granted by a rule with the "b" mode a
	  message about the access requested is generated. The
	  intention is that a process can be granted a wide set
	  of access initially with the bringup mode set on the
	  rules. The developer can use the information to
	  identify which rules are necessary and what accesses
	  may be inappropriate. The developer can reduce the
	  access rule set once the behavior is well understood.
	  This is a superior mechanism to the oft abused
	  "permissive" mode of other systems.
	  If you are unsure how to answer this question, answer N.

config CONFIG_SECURITY_SMACK_NETFILTER
	bool "Packet marking using secmarks for netfilter"
	depends on CONFIG_SECURITY_SMACK
	depends on CONFIG_NETWORK_SECMARK
	depends on CONFIG_NETFILTER
	default n
	help
	  This enables security marking of network packets using
	  Smack labels.
	  If you are unsure how to answer this question, answer N.

config CONFIG_SECURITY_SMACK_APPEND_SIGNALS
	bool "Treat delivering signals as an append operation"
	depends on CONFIG_SECURITY_SMACK
	default n
	help
	  Sending a signal has been treated as a write operation to the
	  receiving process. If this option is selected, the delivery
	  will be an append operation instead. This makes it possible
	  to differentiate between delivering a network packet and
	  delivering a signal in the Smack rules.
	  If you are unsure how to answer this question, answer N.