43 lines
1.5 KiB
Plaintext
43 lines
1.5 KiB
Plaintext
|
config SECURITY_SMACK
|
||
|
|
bool "Simplified Mandatory Access Control Kernel Support"
|
||
|
|
depends on NET
|
||
|
|
depends on INET
|
||
|
|
depends on SECURITY
|
||
|
|
select NETLABEL
|
||
|
|
select SECURITY_NETWORK
|
||
|
|
default n
|
||
|
|
help
|
||
|
|
This selects the Simplified Mandatory Access Control Kernel.
|
||
|
|
Smack is useful for sensitivity, integrity, and a variety
|
||
|
|
of other mandatory security schemes.
|
||
|
|
If you are unsure how to answer this question, answer N.
|
||
|
|
|
||
|
|
config SECURITY_SMACK_BRINGUP
|
||
|
|
bool "Reporting on access granted by Smack rules"
|
||
|
|
depends on SECURITY_SMACK
|
||
|
|
default n
|
||
|
|
help
|
||
|
|
Enable the bring-up ("b") access mode in Smack rules.
|
||
|
|
When access is granted by a rule with the "b" mode a
|
||
|
|
message about the access requested is generated. The
|
||
|
|
intention is that a process can be granted a wide set
|
||
|
|
of access initially with the bringup mode set on the
|
||
|
|
rules. The developer can use the information to
|
||
|
|
identify which rules are necessary and what accesses
|
||
|
|
may be inappropriate. The developer can reduce the
|
||
|
|
access rule set once the behavior is well understood.
|
||
|
|
This is a superior mechanism to the oft abused
|
||
|
|
"permissive" mode of other systems.
|
||
|
|
If you are unsure how to answer this question, answer N.
|
||
|
|
|
||
|
|
config SECURITY_SMACK_NETFILTER
|
||
|
|
bool "Packet marking using secmarks for netfilter"
|
||
|
|
depends on SECURITY_SMACK
|
||
|
|
depends on NETWORK_SECMARK
|
||
|
|
depends on NETFILTER
|
||
|
|
default n
|
||
|
|
help
|
||
|
|
This enables security marking of network packets using
|
||
|
|
Smack labels.
|
||
|
|
If you are unsure how to answer this question, answer N.
|