| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | config SECURITY_TOMOYO |
| 2 | bool "TOMOYO Linux Support" |
| 3 | depends on SECURITY |
| 4 | depends on NET |
| 5 | select SECURITYFS |
| 6 | select SECURITY_PATH |
| 7 | select SECURITY_NETWORK |
| 8 | default n |
| 9 | help |
| 10 | This selects TOMOYO Linux, pathname-based access control. |
| 11 | Required userspace tools and further information may be |
| 12 | found at <http://tomoyo.sourceforge.jp/>. |
| 13 | If you are unsure how to answer this question, answer N. |
| 14 | |
| 15 | config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY |
| 16 | int "Default maximal count for learning mode" |
| 17 | default 2048 |
| 18 | range 0 2147483647 |
| 19 | depends on SECURITY_TOMOYO |
| 20 | help |
| 21 | This is the default value for maximal ACL entries |
| 22 | that are automatically appended into policy at "learning mode". |
| 23 | Some programs access thousands of objects, so running |
| 24 | such programs in "learning mode" dulls the system response |
| 25 | and consumes much memory. |
| 26 | This is the safeguard for such programs. |
| 27 | |
| 28 | config SECURITY_TOMOYO_MAX_AUDIT_LOG |
| 29 | int "Default maximal count for audit log" |
| 30 | default 1024 |
| 31 | range 0 2147483647 |
| 32 | depends on SECURITY_TOMOYO |
| 33 | help |
| 34 | This is the default value for maximal entries for |
| 35 | audit logs that the kernel can hold on memory. |
| 36 | You can read the log via /sys/kernel/security/tomoyo/audit. |
| 37 | If you don't need audit logs, you may set this value to 0. |
| 38 | |
| 39 | config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER |
| 40 | bool "Activate without calling userspace policy loader." |
| 41 | default n |
| 42 | depends on SECURITY_TOMOYO |
| 43 | ---help--- |
| 44 | Say Y here if you want to activate access control as soon as built-in |
| 45 | policy was loaded. This option will be useful for systems where |
| 46 | operations which can lead to the hijacking of the boot sequence are |
| 47 | needed before loading the policy. For example, you can activate |
| 48 | immediately after loading the fixed part of policy which will allow |
| 49 | only operations needed for mounting a partition which contains the |
| 50 | variant part of policy and verifying (e.g. running GPG check) and |
| 51 | loading the variant part of policy. Since you can start using |
| 52 | enforcing mode from the beginning, you can reduce the possibility of |
| 53 | hijacking the boot sequence. |
| 54 | |
| 55 | config SECURITY_TOMOYO_POLICY_LOADER |
| 56 | string "Location of userspace policy loader" |
| 57 | default "/sbin/tomoyo-init" |
| 58 | depends on SECURITY_TOMOYO |
| 59 | depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER |
| 60 | ---help--- |
| 61 | This is the default pathname of policy loader which is called before |
| 62 | activation. You can override this setting via TOMOYO_loader= kernel |
| 63 | command line option. |
| 64 | |
| 65 | config SECURITY_TOMOYO_ACTIVATION_TRIGGER |
| 66 | string "Trigger for calling userspace policy loader" |
| 67 | default "/sbin/init" |
| 68 | depends on SECURITY_TOMOYO |
| 69 | depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER |
| 70 | ---help--- |
| 71 | This is the default pathname of activation trigger. |
| 72 | You can override this setting via TOMOYO_trigger= kernel command line |
| 73 | option. For example, if you pass init=/bin/systemd option, you may |
| 74 | want to also pass TOMOYO_trigger=/bin/systemd option. |