# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_TOMOYO
	bool "TOMOYO Linux Support"
	depends on SECURITY
	depends on NET
	select SECURITYFS
	select SECURITY_PATH
	select SECURITY_NETWORK
	select SRCU
	select BUILD_BIN2C
	default n
	help
	  This selects TOMOYO Linux, pathname-based access control.
	  Required userspace tools and further information may be
	  found at <http://tomoyo.sourceforge.jp/>.
	  If you are unsure how to answer this question, answer N.

config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
	int "Default maximal count for learning mode"
	default 2048
	range 0 2147483647
	depends on SECURITY_TOMOYO
	help
	  This is the default value for maximal ACL entries
	  that are automatically appended into policy at "learning mode".
	  Some programs access thousands of objects, so running
	  such programs in "learning mode" dulls the system response
	  and consumes much memory.
	  This is the safeguard for such programs.

config SECURITY_TOMOYO_MAX_AUDIT_LOG
	int "Default maximal count for audit log"
	default 1024
	range 0 2147483647
	depends on SECURITY_TOMOYO
	help
	  This is the default value for maximal entries for
	  audit logs that the kernel can hold on memory.
	  You can read the log via /sys/kernel/security/tomoyo/audit.
	  If you don't need audit logs, you may set this value to 0.

config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	bool "Activate without calling userspace policy loader."
	default n
	depends on SECURITY_TOMOYO
	help
	  Say Y here if you want to activate access control as soon as built-in
	  policy was loaded. This option will be useful for systems where
	  operations which can lead to the hijacking of the boot sequence are
	  needed before loading the policy. For example, you can activate
	  immediately after loading the fixed part of policy which will allow
	  only operations needed for mounting a partition which contains the
	  variant part of policy and verifying (e.g. running GPG check) and
	  loading the variant part of policy. Since you can start using
	  enforcing mode from the beginning, you can reduce the possibility of
	  hijacking the boot sequence.

config SECURITY_TOMOYO_POLICY_LOADER
	string "Location of userspace policy loader"
	default "/sbin/tomoyo-init"
	depends on SECURITY_TOMOYO
	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of policy loader which is called before
	  activation. You can override this setting via TOMOYO_loader= kernel
	  command line option.

config SECURITY_TOMOYO_ACTIVATION_TRIGGER
	string "Trigger for calling userspace policy loader"
	default "/sbin/init"
	depends on SECURITY_TOMOYO
	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of activation trigger.
	  You can override this setting via TOMOYO_trigger= kernel command line
	  option. For example, if you pass init=/bin/systemd option, you may
	  want to also pass TOMOYO_trigger=/bin/systemd option.

config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
	bool "Use insecure built-in settings for fuzzing tests."
	default n
	depends on SECURITY_TOMOYO
	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  Enabling this option forces minimal built-in policy and disables
	  domain/program checks for run-time policy modifications. Please enable
	  this option only if this kernel is built for doing fuzzing tests.
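
The following is an added example, not part of the kernel tree: a build-review check that reads a kernel `.config` and command line and reports the conditions the help texts above call out (fuzzing-only build, zero audit log capacity, `init=` not matching the activation trigger). The function names and the sample `.config` are hypothetical and constructed for illustration.

```python
import re

PREFIX = "CONFIG_SECURITY_TOMOYO"

# Constructed sample .config fragment using the defaults from this Kconfig.
SAMPLE_CONFIG = """\
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set
"""

def parse_dotconfig(text):
    """Return {symbol: value} for CONFIG_* assignments; '# ... is not set' is skipped."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r'^(CONFIG_\w+)=(.*)$', line.strip())
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
    return opts

def parse_cmdline(cmdline):
    """Return {key: value} for key=value words on the kernel command line."""
    return dict(w.split("=", 1) for w in cmdline.split() if "=" in w)

def audit_tomoyo(config_text, cmdline=""):
    """Return a list of human-readable findings for a TOMOYO-enabled build."""
    cfg, args = parse_dotconfig(config_text), parse_cmdline(cmdline)
    if cfg.get(PREFIX) != "y":
        return ["TOMOYO is not built in"]
    findings = []
    if cfg.get(PREFIX + "_INSECURE_BUILTIN_SETTING") == "y":
        findings.append("INSECURE_BUILTIN_SETTING=y: fuzzing-only build, "
                        "run-time policy modifications are not checked")
    if cfg.get(PREFIX + "_MAX_AUDIT_LOG") == "0":
        findings.append("MAX_AUDIT_LOG=0: default audit log capacity is zero")
    if cfg.get(PREFIX + "_OMIT_USERSPACE_LOADER") == "y":
        return findings  # loader and trigger symbols do not exist in this build
    # TOMOYO_trigger= on the command line overrides the built-in default.
    trigger = args.get("TOMOYO_trigger",
                       cfg.get(PREFIX + "_ACTIVATION_TRIGGER", "/sbin/init"))
    init = args.get("init")
    if init and init != trigger:
        findings.append(f"init={init} but activation trigger is {trigger}: "
                        f"consider TOMOYO_trigger={init}")
    return findings
```
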