]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blobdiff - security/Kconfig
projects / mirror_ubuntu-bionic-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
UBUNTU: Ubuntu-4.15.0-96.97
[mirror_ubuntu-bionic-kernel.git] / security / Kconfig
diff --git a/security/Kconfig b/security/Kconfig
index 3bc5e8475d77ffa9f9fe72d4fb9e75851450729d..103cb39baed2ed59ef131dd5afe7330fa8aa711b 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -99,7 +99,7 @@ config SECURITY_NETWORK
 config PAGE_TABLE_ISOLATION
        bool "Remove the kernel mapping in user mode"
        default y
-       depends on X86_64 && !UML
+       depends on (X86_64 || X86_PAE) && !UML
        help
          This feature reduces the number of hardware side channels by
          ensuring that the majority of kernel addresses are not mapped
@@ -267,13 +267,6 @@ config LOCK_DOWN_KERNEL
          turns off various features that might otherwise allow access to the
          kernel image (eg. setting MSR registers).
 
-config ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
-       bool "Allow the kernel lockdown to be lifted by SysRq"
-       depends on LOCK_DOWN_KERNEL && MAGIC_SYSRQ
-       help
-         Allow the lockdown on a kernel to be lifted, by pressing a SysRq key
-         combination on a wired keyboard.
-
 config LOCK_DOWN_IN_EFI_SECURE_BOOT
        bool "Lock down the kernel in EFI Secure Boot mode"
        default n
@@ -408,6 +401,42 @@ menu "Default Security Module or Modules"
               bool
               default y if SECURITY_DAC_STACKED
 
+choice
+       depends on SECURITY_STACKING && !SECURITY_DAC_STACKED
+       prompt "Default LSM for legacy interfaces"
+       default SECURITY_DEFAULT_DISPLAY_SELINUX if SECURITY_SELINUX_STACKED
+       default SECURITY_DEFAULT_DISPLAY_SMACK if SECURITY_SMACK_STACKED
+       default SECURITY_DEFAULT_DISPLAY_TOMOYO if SECURITY_TOMOYO_STACKED
+       default SECURITY_DEFAULT_DISPALY_APPARMOR if SECURITY_APPARMOR_STACKED
+       default SECURITY_DEFAULT_DISPLAY_FIRST
+
+       help
+         Select the security module context that will be displayed by
+          default on legacy interfaces if the kernel parameter
+          security.display= is not specified.
+
+       config SECURITY_DEFAULT_DISPLAY_SELINUX
+               bool "SELinux" if SECURITY_SELINUX_STACKED=y
+
+       config SECURITY_DEFAULT_DISPLAY_SMACK
+               bool "Simplified Mandatory Access Control" if SECURITY_SMACK_STACKED
+
+       config SECURITY_DEFAULT_DISPLAY_TOMOYO
+               bool "TOMOYO" if SECURITY_TOMOYO_STACKED
+
+       config SECURITY_DEFAULT_DISPLAY_APPARMOR
+               bool "AppArmor" if SECURITY_APPARMOR_STACKED
+
+endchoice
+
+config SECURITY_DEFAULT_DISPLAY_NAME
+       string
+       default "selinux" if SECURITY_DEFAULT_DISPLAY_SELINUX
+       default "smack" if SECURITY_DEFAULT_DISPLAY_SMACK
+       default "tomoyo" if SECURITY_DEFAULT_DISPLAY_TOMOYO
+       default "apparmor" if SECURITY_DEFAULT_DISPLAY_APPARMOR
+       default "" if DEFAULT_SECURITY_DAC
+
 endmenu
 
 config DEFAULT_SECURITY
ubuntu-bionic-kernel mirror