forge/linux-pinenote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-pinenote/security/yama/Kconfig

22 lines
656 B
Text
Raw Normal View History

security: Yama LSM This adds the Yama Linux Security Module to collect DAC security improvements (specifically just ptrace restrictions for now) that have existed in various forms over the years and have been carried outside the mainline kernel by other Linux distributions like Openwall and grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2011-12-21 12:17:04 -08:00
config SECURITY_YAMA
bool "Yama support"
depends on SECURITY
select SECURITYFS
select SECURITY_PATH
default n
help
This selects Yama, which extends DAC support with additional
system-wide security settings beyond regular Linux discretionary
access controls. Currently available is ptrace scope restriction.
Further information can be found in Documentation/security/Yama.txt.
If you are unsure how to answer this question, answer N.
security: allow Yama to be unconditionally stacked Unconditionally call Yama when CONFIG_SECURITY_YAMA_STACKED is selected, no matter what LSM module is primary. Ubuntu and Chrome OS already carry patches to do this, and Fedora has voiced interest in doing this as well. Instead of having multiple distributions (or LSM authors) carrying these patches, just allow Yama to be called unconditionally when selected by the new CONFIG. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-09-04 13:32:13 -07:00
config SECURITY_YAMA_STACKED
bool "Yama stacked with other LSMs"
depends on SECURITY_YAMA
default n
help
When Yama is built into the kernel, force it to stack with the
selected primary LSM.
Reference in a new issue Copy permalink