Commit: 1da177e4 LT

```kconfig
#
# Security configuration
#

menu "Security options"

config KEYS
	bool "Enable access key retention support"
	help
	  This option provides support for retaining authentication tokens and
	  access keys in the kernel.

	  It also includes provision of methods by which such keys might be
	  associated with a process so that network filesystems, encryption
	  support and the like can find them.

	  Furthermore, a special type of key is available that acts as keyring:
	  a searchable sequence of keys. Each process is equipped with access
	  to five standard keyrings: UID-specific, GID-specific, session,
	  process and thread.

	  If you are unsure as to whether this is required, answer N.

config KEYS_DEBUG_PROC_KEYS
	bool "Enable the /proc/keys file by which all keys may be viewed"
	depends on KEYS
	help
	  This option turns on support for the /proc/keys file through which
	  all the keys on the system can be listed.

	  This option is a slight security risk in that it makes it possible
	  for anyone to see all the keys on the system. Normally the manager
	  pretends keys that are inaccessible to a process don't exist as far
	  as that process is concerned.

config SECURITY
	bool "Enable different security models"
	help
	  This allows you to choose different security modules to be
	  configured into your kernel.

	  If this option is not selected, the default Linux security
	  model will be used.

	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK
	bool "Socket and Networking Security Hooks"
	depends on SECURITY
	help
	  This enables the socket and networking security hooks.
	  If enabled, a security module can use these hooks to
	  implement socket and networking access controls.
	  If you are unsure how to answer this question, answer N.

config SECURITY_CAPABILITIES
	tristate "Default Linux Capabilities"
	depends on SECURITY
	help
	  This enables the "default" Linux capabilities functionality.
	  If you are unsure how to answer this question, answer Y.

config SECURITY_ROOTPLUG
	tristate "Root Plug Support"
	depends on USB && SECURITY
	help
	  This is a sample LSM module that should only be used as such.
	  It prevents any programs running with egid == 0 if a specific
	  USB device is not present in the system.

	  See <http://www.linuxjournal.com/article.php?sid=6279> for
	  more information about this module.

	  If you are unsure how to answer this question, answer N.

config SECURITY_SECLVL
	tristate "BSD Secure Levels"
	depends on SECURITY
	select CRYPTO
	select CRYPTO_SHA1
	help
	  Implements BSD Secure Levels as an LSM. See
	  <file:Documentation/seclvl.txt> for instructions on how to use this
	  module.

	  If you are unsure how to answer this question, answer N.

source security/selinux/Kconfig

endmenu
```
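An added example, not code from the kernel tree or from this page: a checker that reads the text of a kernel `.config` and applies the `depends on` lines and help-text advice of the entries above, so a reviewer can flag `/proc/keys` exposure, the sample Root Plug module, or a hand-edited fragment that violates a dependency. The names `parse_config`, `audit_config` and `SAMPLE` are hypothetical, and the sample fragment is constructed.

```python
import re

# "depends on" relations copied from the Kconfig entries on this page.
DEPENDS = {
    "KEYS_DEBUG_PROC_KEYS": ["KEYS"],
    "SECURITY_NETWORK": ["SECURITY"],
    "SECURITY_CAPABILITIES": ["SECURITY"],
    "SECURITY_ROOTPLUG": ["USB", "SECURITY"],
    "SECURITY_SECLVL": ["SECURITY"],
}
# Options whose own help text advises caution.
RISKY = {
    "KEYS_DEBUG_PROC_KEYS": "/proc/keys lets anyone list all keys on the system",
    "SECURITY_ROOTPLUG": "sample LSM module, should only be used as such",
}

def parse_config(text):
    """Map option name -> 'y', 'm' or 'n' from the text of a .config file."""
    state = {}
    for line in text.splitlines():
        if m := re.match(r"CONFIG_(\w+)=([ym])\s*$", line):
            state[m.group(1)] = m.group(2)
        elif m := re.match(r"# CONFIG_(\w+) is not set\s*$", line):
            state[m.group(1)] = "n"
    return state

def audit_config(text):
    """Return a sorted list of (option, finding) tuples for a .config text."""
    state = parse_config(text)
    on = lambda opt: state.get(opt, "n") != "n"  # absent options count as off
    findings = []
    for opt, deps in DEPENDS.items():
        missing = [d for d in deps if not on(d)]
        if on(opt) and missing:
            findings.append((opt, "enabled without " + ", ".join(missing)))
    for opt, why in RISKY.items():
        if on(opt):
            findings.append((opt, why))
    if on("SECURITY") and not on("SECURITY_CAPABILITIES"):
        findings.append(("SECURITY_CAPABILITIES", "help text advises Y when unsure"))
    return sorted(findings)

# Constructed sample .config fragment, not taken from a real system.
SAMPLE = """CONFIG_KEYS=y
CONFIG_KEYS_DEBUG_PROC_KEYS=y
CONFIG_SECURITY=y
# CONFIG_SECURITY_CAPABILITIES is not set
CONFIG_SECURITY_ROOTPLUG=m
"""
```

Calling `audit_config(SAMPLE)` returns four findings; the Root Plug entry appears twice, once for the missing `USB` dependency and once for its help-text warning.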