]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blobdiff - security/Kconfig
projects / mirror_ubuntu-bionic-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
evm: Don't deadlock if a crypto algorithm is unavailable
[mirror_ubuntu-bionic-kernel.git] / security / Kconfig
diff --git a/security/Kconfig b/security/Kconfig
index 3bc5e8475d77ffa9f9fe72d4fb9e75851450729d..ffe994d38c23f4ee1dd0319da4900ec01a9c4544 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -99,7 +99,7 @@ config SECURITY_NETWORK
 config PAGE_TABLE_ISOLATION
        bool "Remove the kernel mapping in user mode"
        default y
-       depends on X86_64 && !UML
+       depends on (X86_64 || X86_PAE) && !UML
        help
          This feature reduces the number of hardware side channels by
          ensuring that the majority of kernel addresses are not mapped
@@ -408,6 +408,42 @@ menu "Default Security Module or Modules"
               bool
               default y if SECURITY_DAC_STACKED
 
+choice
+       depends on SECURITY_STACKING && !SECURITY_DAC_STACKED
+       prompt "Default LSM for legacy interfaces"
+       default SECURITY_DEFAULT_DISPLAY_SELINUX if SECURITY_SELINUX_STACKED
+       default SECURITY_DEFAULT_DISPLAY_SMACK if SECURITY_SMACK_STACKED
+       default SECURITY_DEFAULT_DISPLAY_TOMOYO if SECURITY_TOMOYO_STACKED
+       default SECURITY_DEFAULT_DISPALY_APPARMOR if SECURITY_APPARMOR_STACKED
+       default SECURITY_DEFAULT_DISPLAY_FIRST
+
+       help
+         Select the security module context that will be displayed by
+          default on legacy interfaces if the kernel parameter
+          security.display= is not specified.
+
+       config SECURITY_DEFAULT_DISPLAY_SELINUX
+               bool "SELinux" if SECURITY_SELINUX_STACKED=y
+
+       config SECURITY_DEFAULT_DISPLAY_SMACK
+               bool "Simplified Mandatory Access Control" if SECURITY_SMACK_STACKED
+
+       config SECURITY_DEFAULT_DISPLAY_TOMOYO
+               bool "TOMOYO" if SECURITY_TOMOYO_STACKED
+
+       config SECURITY_DEFAULT_DISPLAY_APPARMOR
+               bool "AppArmor" if SECURITY_APPARMOR_STACKED
+
+endchoice
+
+config SECURITY_DEFAULT_DISPLAY_NAME
+       string
+       default "selinux" if SECURITY_DEFAULT_DISPLAY_SELINUX
+       default "smack" if SECURITY_DEFAULT_DISPLAY_SMACK
+       default "tomoyo" if SECURITY_DEFAULT_DISPLAY_TOMOYO
+       default "apparmor" if SECURITY_DEFAULT_DISPLAY_APPARMOR
+       default "" if DEFAULT_SECURITY_DAC
+
 endmenu
 
 config DEFAULT_SECURITY
ubuntu-bionic-kernel mirror