#
# Security configuration
#

menu "Security options"

source security/keys/Kconfig

config SECURITY_DMESG_RESTRICT
        bool "Restrict unprivileged access to the kernel syslog"
        default n
        help
          This enforces restrictions on unprivileged users reading the kernel
          syslog via dmesg(8).

          If this option is not selected, no restrictions will be enforced
          unless the dmesg_restrict sysctl is explicitly set to (1).

          If you are unsure how to answer this question, answer N.

config SECURITY
        bool "Enable different security models"
        depends on SYSFS
        depends on MULTIUSER
        help
          This allows you to choose different security modules to be
          configured into your kernel.

          If this option is not selected, the default Linux security
          model will be used.

          If you are unsure how to answer this question, answer N.

config SECURITYFS
        bool "Enable the securityfs filesystem"
        help
          This will build the securityfs filesystem.  It is currently used by
          the TPM bios character driver and IMA, an integrity provider.  It is
          not used by SELinux or SMACK.

          If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK
        bool "Socket and Networking Security Hooks"
        depends on SECURITY
        help
          This enables the socket and networking security hooks.
          If enabled, a security module can use these hooks to
          implement socket and networking access controls.
          If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK_XFRM
        bool "XFRM (IPSec) Networking Security Hooks"
        depends on XFRM && SECURITY_NETWORK
        help
          This enables the XFRM (IPSec) networking security hooks.
          If enabled, a security module can use these hooks to
          implement per-packet access controls based on labels
          derived from IPSec policy.  Non-IPSec communications are
          designated as unlabelled, and only sockets authorized
          to communicate unlabelled data can send without using
          IPSec.
          If you are unsure how to answer this question, answer N.

config SECURITY_PATH
        bool "Security hooks for pathname based access control"
        depends on SECURITY
        help
          This enables the security hooks for pathname based access control.
          If enabled, a security module can use these hooks to
          implement pathname based access controls.
          If you are unsure how to answer this question, answer N.

config INTEL_TXT
        bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
        depends on HAVE_INTEL_TXT
        help
          This option enables support for booting the kernel with the
          Trusted Boot (tboot) module. This will utilize
          Intel(R) Trusted Execution Technology to perform a measured launch
          of the kernel. If the system does not support Intel(R) TXT, this
          will have no effect.

          Intel TXT will provide higher assurance of system configuration and
          initial state as well as data reset protection.  This is used to
          create a robust initial kernel measurement and verification, which
          helps to ensure that kernel security mechanisms are functioning
          correctly. This level of protection requires a root of trust outside
          of the kernel itself.

          Intel TXT also helps solve real end user concerns about having
          confidence that their hardware is running the VMM or kernel that
          it was configured with, especially since they may be responsible for
          providing such assurances to VMs and services running on it.

          See <http://www.intel.com/technology/security/> for more information
          about Intel(R) TXT.
          See <http://tboot.sourceforge.net> for more information about tboot.
          See Documentation/intel_txt.txt for a description of how to enable
          Intel TXT support in a kernel boot.

          If you are unsure as to whether this is required, answer N.

config LSM_MMAP_MIN_ADDR
        int "Low address space for LSM to protect from user allocation"
        depends on SECURITY && SECURITY_SELINUX
        default 32768 if ARM || (ARM64 && COMPAT)
        default 65536
        help
          This is the portion of low virtual memory which should be protected
          from userspace allocation.  Keeping a user from writing to low pages
          can help reduce the impact of kernel NULL pointer bugs.

          For most ia64, ppc64 and x86 users with lots of address space
          a value of 65536 is reasonable and should cause no problems.
          On arm and other archs it should not be higher than 32768.
          Programs which use vm86 functionality or have some need to map
          this low address space will need the permission specific to the
          systems running LSM.

config HAVE_HARDENED_USERCOPY_ALLOCATOR
        bool
        help
          The heap allocator implements __check_heap_object() for
          validating memory ranges against heap object sizes in
          support of CONFIG_HARDENED_USERCOPY.

config HAVE_ARCH_HARDENED_USERCOPY
        bool
        help
          The architecture supports CONFIG_HARDENED_USERCOPY by
          calling check_object_size() just before performing the
          userspace copies in the low level implementation of
          copy_to_user() and copy_from_user().

config HARDENED_USERCOPY
        bool "Harden memory copies between kernel and userspace"
        depends on HAVE_ARCH_HARDENED_USERCOPY
        depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
        select BUG
        help
          This option checks for obviously wrong memory regions when
          copying memory to/from the kernel (via copy_to_user() and
          copy_from_user() functions) by rejecting memory ranges that
          are larger than the specified heap object, span multiple
          separately allocated pages, are not on the process stack,
          or are part of the kernel text. This kills entire classes
          of heap overflow exploits and similar kernel memory exposures.

config HARDENED_USERCOPY_PAGESPAN
        bool "Refuse to copy allocations that span multiple pages"
        depends on HARDENED_USERCOPY
        depends on EXPERT
        help
          When a multi-page allocation is done without __GFP_COMP,
          hardened usercopy will reject attempts to copy it. There are,
          however, several cases of this in the kernel that have not all
          been removed. This config is intended to be used only while
          trying to find such users.

source security/selinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
source security/apparmor/Kconfig
source security/loadpin/Kconfig
source security/yama/Kconfig

source security/integrity/Kconfig

choice
        prompt "Default security module"
        default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
        default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
        default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
        default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
        default DEFAULT_SECURITY_DAC

        help
          Select the security module that will be used by default if the
          kernel parameter security= is not specified.

        config DEFAULT_SECURITY_SELINUX
                bool "SELinux" if SECURITY_SELINUX=y

        config DEFAULT_SECURITY_SMACK
                bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y

        config DEFAULT_SECURITY_TOMOYO
                bool "TOMOYO" if SECURITY_TOMOYO=y

        config DEFAULT_SECURITY_APPARMOR
                bool "AppArmor" if SECURITY_APPARMOR=y

        config DEFAULT_SECURITY_DAC
                bool "Unix Discretionary Access Controls"

endchoice

config DEFAULT_SECURITY
        string
        default "selinux" if DEFAULT_SECURITY_SELINUX
        default "smack" if DEFAULT_SECURITY_SMACK
        default "tomoyo" if DEFAULT_SECURITY_TOMOYO
        default "apparmor" if DEFAULT_SECURITY_APPARMOR
        default "" if DEFAULT_SECURITY_DAC

endmenu
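As an added example that is not part of the kernel tree, the POSIX shell helper below reads a built kernel's .config and reports the options this file defines, including the dmesg_restrict sysctl fallback described in the SECURITY_DMESG_RESTRICT help text and the debugging-only nature of HARDENED_USERCOPY_PAGESPAN. The .config path and the sysctl file path are arguments chosen by the caller; nothing else is assumed about the host.

```shell
#!/bin/sh
# Added audit helper, not part of the kernel tree: reads a kernel .config
# (for example /boot/config-$(uname -r)) and reports the security/Kconfig
# options described above. All paths are supplied by the caller.

# config_value FILE SYMBOL: print the symbol's value, or "n" when the line is
# absent or commented out ("# CONFIG_FOO is not set").
config_value() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    [ -n "$v" ] && echo "$v" || echo n
}

# dmesg_restricted CONFIG SYSCTL_FILE: per the help text, unprivileged dmesg
# is restricted when CONFIG_SECURITY_DMESG_RESTRICT=y or when the
# dmesg_restrict sysctl (normally /proc/sys/kernel/dmesg_restrict) reads 1.
dmesg_restricted() {
    [ "$(config_value "$1" CONFIG_SECURITY_DMESG_RESTRICT)" = y ] && return 0
    [ -r "$2" ] && [ "$(cat "$2")" = 1 ] && return 0
    return 1
}

# audit_config FILE: one line per option; returns the number of bool options
# that are not enabled so the result can serve as an exit status.
audit_config() {
    misses=0
    for sym in CONFIG_SECURITY CONFIG_SECURITYFS CONFIG_SECURITY_NETWORK \
               CONFIG_SECURITY_NETWORK_XFRM CONFIG_SECURITY_PATH \
               CONFIG_HARDENED_USERCOPY; do
        if [ "$(config_value "$1" "$sym")" = y ]; then
            echo "ok       $sym"
        else
            echo "disabled $sym"
            misses=$((misses + 1))
        fi
    done
    # PAGESPAN is a debugging aid for finding non-__GFP_COMP users (see help).
    if [ "$(config_value "$1" CONFIG_HARDENED_USERCOPY_PAGESPAN)" = y ]; then
        echo "note     CONFIG_HARDENED_USERCOPY_PAGESPAN=y is intended only for debugging"
    fi
    # LSM_MMAP_MIN_ADDR is only present with SELinux; help suggests 65536/32768.
    echo "info     CONFIG_LSM_MMAP_MIN_ADDR=$(config_value "$1" CONFIG_LSM_MMAP_MIN_ADDR)"
    echo "info     CONFIG_DEFAULT_SECURITY=$(config_value "$1" CONFIG_DEFAULT_SECURITY)"
    return $misses
}

if [ $# -ge 1 ]; then
    audit_config "$1"
    dmesg_restricted "$1" /proc/sys/kernel/dmesg_restrict && echo "ok       dmesg restricted" \
        || echo "disabled dmesg restriction (option off and sysctl not 1)"
fi
```

Run as `sh audit.sh /boot/config-$(uname -r)`; a non-zero exit status from audit_config gives the count of hardening options that are off.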