X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=security%2FKconfig;h=ffe994d38c23f4ee1dd0319da4900ec01a9c4544;hb=42a729ed906e15629ded9d498222f2550b2e8f5b;hp=3d4debd0257e2544996ac97c90831bde3a854e7d;hpb=9c70f1a7fa2d296f68e387b277296f0f2712a3d6;p=mirror_ubuntu-bionic-kernel.git diff --git a/security/Kconfig b/security/Kconfig index 3d4debd0257e..ffe994d38c23 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -18,6 +18,15 @@ config SECURITY_DMESG_RESTRICT If you are unsure how to answer this question, answer N. +config SECURITY_PERF_EVENTS_RESTRICT + bool "Restrict unprivileged use of performance events" + depends on PERF_EVENTS + help + If you say Y here, the kernel.perf_event_paranoid sysctl + will be set to 3 by default, and no unprivileged use of the + perf_event_open syscall will be permitted unless it is + changed. + config SECURITY bool "Enable different security models" depends on SYSFS 
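Review bot: The help text for `SECURITY_PERF_EVENTS_RESTRICT` describes a boot-time default only, while the option name reads like an enforced restriction. `kernel.perf_event_paranoid` remains a writable sysctl, so a privileged process can lower it after boot, which the closing words "unless it is changed" only hint at. I would add a help line such as `This only sets the boot-time default; root can still change the sysctl at runtime.` Deployments that rely on this setting should also pin the value in their sysctl configuration and alert on changes to it.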
@@ -36,6 +45,39 @@ config SECURITY_WRITABLE_HOOKS bool default n +config SECURITY_STACKING + bool "Security module stacking" + depends on SECURITY + help + Allows multiple major security modules to be stacked. + Modules are invoked in the order registered with a + "bail on fail" policy, in which the infrastructure + will stop processing once a denial is detected. Not + all modules can be stacked. SELinux and Smack are + known to be incompatible. User space components may + have trouble identifying the security module providing + data in some cases. + + If you select this option you will have to select which + of the stackable modules you wish to be active. The + "Default security module" will be ignored. The boot line + "security=" option can be used to specify that one of + the modules identifed for stacking should be used instead + of the entire stack. + + If you are unsure how to answer this question, answer N. + +config SECURITY_LSM_DEBUG + bool "Enable debugging of the LSM infrastructure" + depends on SECURITY + help + This allows you to choose debug messages related to + security modules configured into your kernel. These + messages may be helpful in determining how a security + module is using security blobs. + + If you are unsure how to answer this question, answer N. + config SECURITYFS bool "Enable the securityfs filesystem" help @@ -57,13 +99,13 @@ config SECURITY_NETWORK config PAGE_TABLE_ISOLATION bool "Remove the kernel mapping in user mode" default y - depends on X86_64 && !UML + depends on (X86_64 || X86_PAE) && !UML help This feature reduces the number of hardware side channels by ensuring that the majority of kernel addresses are not mapped into userspace. - See Documentation/x86/pagetable-isolation.txt for more details. + See Documentation/x86/pti.txt for more details. config SECURITY_INFINIBAND bool "Infiniband Security Hooks" 
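Review bot: The `SECURITY_STACKING` help says the `security=` boot option selects one module "instead of the entire stack", but it does not spell out the consequence for enforcement. As the text reads, the remaining stacked modules are then not applied, which matters on systems where the boot command line is not protected. I would add a sentence such as `With security= set, the other stacked modules are not used.` once that behaviour is confirmed against the implementation. The same paragraph has a typo: `identifed` should be `identified`.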
@@ -154,6 +196,7 @@ config HARDENED_USERCOPY bool "Harden memory copies between kernel and userspace" depends on HAVE_HARDENED_USERCOPY_ALLOCATOR select BUG + imply STRICT_DEVMEM help This option checks for obviously wrong memory regions when copying memory to/from the kernel (via copy_to_user() and @@ -216,6 +259,36 @@ config STATIC_USERMODEHELPER_PATH If you wish for all usermode helper programs to be disabled, specify an empty string here (i.e. ""). +config LOCK_DOWN_KERNEL + bool "Allow the kernel to be 'locked down'" + help + Allow the kernel to be locked down under certain circumstances, for + instance if UEFI secure boot is enabled. Locking down the kernel + turns off various features that might otherwise allow access to the + kernel image (eg. setting MSR registers). + +config ALLOW_LOCKDOWN_LIFT_BY_SYSRQ + bool "Allow the kernel lockdown to be lifted by SysRq" + depends on LOCK_DOWN_KERNEL && MAGIC_SYSRQ + help + Allow the lockdown on a kernel to be lifted, by pressing a SysRq key + combination on a wired keyboard. + +config LOCK_DOWN_IN_EFI_SECURE_BOOT + bool "Lock down the kernel in EFI Secure Boot mode" + default n + select LOCK_DOWN_KERNEL + depends on EFI + help + UEFI Secure Boot provides a mechanism for ensuring that the firmware + will only load signed bootloaders and kernels. Secure boot mode may + be determined from EFI variables provided by the system firmware if + not indicated by the boot parameters. + + Enabling this option turns on results in kernel lockdown being + triggered if EFI Secure Boot is set. + + source security/selinux/Kconfig source security/smack/Kconfig source security/tomoyo/Kconfig @@ -225,6 +298,9 @@ source security/yama/Kconfig source security/integrity/Kconfig +menu "Security Module Selection" + visible if !SECURITY_STACKING + choice prompt "Default security module" default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX 
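Review bot: `imply STRICT_DEVMEM` is only a soft default: unlike `select`, it leaves `STRICT_DEVMEM` free to be set to N while `HARDENED_USERCOPY` stays enabled. If the intent is that hardened-usercopy builds also restrict /dev/mem, the help text should say the pairing is recommended but not forced, for example `STRICT_DEVMEM is enabled by default with this option but can still be turned off.` The `help` body of `HARDENED_USERCOPY` continues past the end of this hunk.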
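Review bot: The help for `ALLOW_LOCKDOWN_LIFT_BY_SYSRQ` does not state the trade-off it introduces: anyone with access to an attached keyboard can drop the lockdown that `LOCK_DOWN_IN_EFI_SECURE_BOOT` establishes. I would add `Anyone with physical keyboard access can then disable lockdown; say N unless you need this for debugging.` to that help text. Separately, the last help sentence of `LOCK_DOWN_IN_EFI_SECURE_BOOT` is garbled (`turns on results in`); `Enabling this option results in kernel lockdown being triggered if EFI Secure Boot is set.` reads correctly. The `default n` on that symbol is redundant, since a bool without a default is already n.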
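Review bot: `visible if !SECURITY_STACKING` only hides the menu's prompts and adds no dependency, so the `Default security module` choice inside it may still be evaluated with its defaults when stacking is enabled. The `SECURITY_STACKING` help promises that this choice "will be ignored", and the hunk at -253 gives `DEFAULT_SECURITY_SELINUX` and its siblings a second definition. It is worth confirming with a stacking .config that a hidden choice default cannot leave an unselected module in `DEFAULT_SECURITY`. If it can, `depends on !SECURITY_STACKING` on the choice would make the intent explicit. The menu opened here is closed outside this hunk.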
@@ -253,14 +329,139 @@ choice bool "Unix Discretionary Access Controls" endchoice +endmenu + +menu "Default Security Module or Modules" + visible if SECURITY_STACKING + + config SECURITY_SELINUX_STACKED + bool "SELinux" if SECURITY_SELINUX && !SECURITY_SMACK_STACKED + help + Add the SELinux security module to the stack. + Please be sure your user space code is accomodating of + this security module. + Ensure that your network configuration is compatible + with your combination of security modules. + + Incompatible with Smack being stacked. + + If you are unsure how to answer this question, answer N + + config SECURITY_SMACK_STACKED + bool "Simplified Mandatory Access Control" if SECURITY_SMACK + help + Add the Smack security module to the stack. + Please be sure your user space code is accomodating of + this security module. + Ensure that your network configuration is compatible + with your combination of security modules. + + Incompatible with SeLinux being stacked. + + If you are unsure how to answer this question, answer + + config SECURITY_TOMOYO_STACKED + bool "TOMOYO support is enabled by default" if SECURITY_TOMOYO + default n + help + This option instructs the system to use the TOMOYO checks. + If not selected the module will not be invoked. + Stacked security modules may interact in unexpected ways. + + If you are unsure how to answer this question, answer N. + + config SECURITY_APPARMOR_STACKED + bool "AppArmor" if SECURITY_APPARMOR + help + This option instructs the system to use the AppArmor checks. + + If you are unsure how to answer this question, answer N. + + config SECURITY_DAC_STACKED + bool "Unix Discretionary Access Controls" if !SECURITY_SELINUX_STACKED && !SECURITY_SMACK_STACKED && !SECURITY_TOMOYO_STACKED && !SECURITY_APPARMOR_STACKED + default y if !SECURITY_SELINUX_STACKED && !SECURITY_SMACK_STACKED && !SECURITY_TOMOYO_STACKED && !SECURITY_APPARMOR_STACKED + help + This option instructs the system to not use security modules + by default. 
This choice can be over ridden by specifying + the desired module using the security= parameter. + + This option is incompatible with selecting selinux, smack, + tomoyo, or apparmor. + + config DEFAULT_SECURITY_SELINUX + bool + default y if SECURITY_SELINUX_STACKED + + config DEFAULT_SECURITY_SMACK + bool + default y if SECURITY_SMACK_STACKED + + config DEFAULT_SECURITY_TOMOYO + bool + default y if SECURITY_TOMOYO_STACKED + + config DEFAULT_SECURITY_APPARMOR + bool + default y if SECURITY_APPARMOR_STACKED + + config DEFAULT_SECURITY_DAC + bool + default y if SECURITY_DAC_STACKED + +choice + depends on SECURITY_STACKING && !SECURITY_DAC_STACKED + prompt "Default LSM for legacy interfaces" + default SECURITY_DEFAULT_DISPLAY_SELINUX if SECURITY_SELINUX_STACKED + default SECURITY_DEFAULT_DISPLAY_SMACK if SECURITY_SMACK_STACKED + default SECURITY_DEFAULT_DISPLAY_TOMOYO if SECURITY_TOMOYO_STACKED + default SECURITY_DEFAULT_DISPALY_APPARMOR if SECURITY_APPARMOR_STACKED + default SECURITY_DEFAULT_DISPLAY_FIRST + + help + Select the security module context that will be displayed by + default on legacy interfaces if the kernel parameter + security.display= is not specified. 
+ + config SECURITY_DEFAULT_DISPLAY_SELINUX + bool "SELinux" if SECURITY_SELINUX_STACKED=y + + config SECURITY_DEFAULT_DISPLAY_SMACK + bool "Simplified Mandatory Access Control" if SECURITY_SMACK_STACKED + + config SECURITY_DEFAULT_DISPLAY_TOMOYO + bool "TOMOYO" if SECURITY_TOMOYO_STACKED + + config SECURITY_DEFAULT_DISPLAY_APPARMOR + bool "AppArmor" if SECURITY_APPARMOR_STACKED + +endchoice + +config SECURITY_DEFAULT_DISPLAY_NAME + string + default "selinux" if SECURITY_DEFAULT_DISPLAY_SELINUX + default "smack" if SECURITY_DEFAULT_DISPLAY_SMACK + default "tomoyo" if SECURITY_DEFAULT_DISPLAY_TOMOYO + default "apparmor" if SECURITY_DEFAULT_DISPLAY_APPARMOR + default "" if DEFAULT_SECURITY_DAC + +endmenu config DEFAULT_SECURITY string + default "selinux,smack,tomoyo,apparmor" if DEFAULT_SECURITY_SELINUX && DEFAULT_SECURITY_SMACK && DEFAULT_SECURITY_TOMOYO && DEFAULT_SECURITY_APPARMOR + default "selinux,smack,tomoyo" if DEFAULT_SECURITY_SELINUX && DEFAULT_SECURITY_SMACK && DEFAULT_SECURITY_TOMOYO + default "selinux,smack,apparmor" if DEFAULT_SECURITY_SELINUX && DEFAULT_SECURITY_SMACK && DEFAULT_SECURITY_APPARMOR + default "selinux,tomoyo,apparmor" if DEFAULT_SECURITY_SELINUX && DEFAULT_SECURITY_TOMOYO && DEFAULT_SECURITY_APPARMOR + default "smack,tomoyo,apparmor" if DEFAULT_SECURITY_SMACK && DEFAULT_SECURITY_TOMOYO && DEFAULT_SECURITY_APPARMOR + default "selinux,smack" if DEFAULT_SECURITY_SELINUX && DEFAULT_SECURITY_SMACK + default "selinux,tomoyo" if DEFAULT_SECURITY_SELINUX && DEFAULT_SECURITY_TOMOYO + default "selinux,apparmor" if DEFAULT_SECURITY_SELINUX && DEFAULT_SECURITY_APPARMOR + default "smack,tomoyo" if DEFAULT_SECURITY_SMACK && DEFAULT_SECURITY_TOMOYO + default "smack,apparmor" if DEFAULT_SECURITY_SMACK && DEFAULT_SECURITY_APPARMOR + default "tomoyo,apparmor" if DEFAULT_SECURITY_TOMOYO && DEFAULT_SECURITY_APPARMOR default "selinux" if DEFAULT_SECURITY_SELINUX default "smack" if DEFAULT_SECURITY_SMACK default "tomoyo" if DEFAULT_SECURITY_TOMOYO default 
"apparmor" if DEFAULT_SECURITY_APPARMOR default "" if DEFAULT_SECURITY_DAC - endmenu -
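Review bot: The choice default `SECURITY_DEFAULT_DISPALY_APPARMOR` is misspelled, so it names a symbol that is not defined in this hunk and the AppArmor default can never match. It should read `default SECURITY_DEFAULT_DISPLAY_APPARMOR if SECURITY_APPARMOR_STACKED`. The final fallback `SECURITY_DEFAULT_DISPLAY_FIRST` has no `config` entry among the visible choice members and no string in `SECURITY_DEFAULT_DISPLAY_NAME`, so confirm what the display name resolves to for an AppArmor-only stack. Two smaller points: the `SECURITY_SMACK_STACKED` help ends at `answer` without the `N`, and the `DEFAULT_SECURITY` values containing both `selinux` and `smack` look unreachable, because the SELinux prompt is hidden whenever Smack is stacked.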