11da177e4SLinus Torvalds# 21da177e4SLinus Torvalds# Security configuration 31da177e4SLinus Torvalds# 41da177e4SLinus Torvalds 51da177e4SLinus Torvaldsmenu "Security options" 61da177e4SLinus Torvalds 7f0894940SDavid Howellssource security/keys/Kconfig 81da177e4SLinus Torvalds 9eaf06b24SDan Rosenbergconfig SECURITY_DMESG_RESTRICT 10eaf06b24SDan Rosenberg bool "Restrict unprivileged access to the kernel syslog" 11eaf06b24SDan Rosenberg default n 12eaf06b24SDan Rosenberg help 13eaf06b24SDan Rosenberg This enforces restrictions on unprivileged users reading the kernel 14eaf06b24SDan Rosenberg syslog via dmesg(8). 15eaf06b24SDan Rosenberg 16eaf06b24SDan Rosenberg If this option is not selected, no restrictions will be enforced 17eaf06b24SDan Rosenberg unless the dmesg_restrict sysctl is explicitly set to (1). 18eaf06b24SDan Rosenberg 19eaf06b24SDan Rosenberg If you are unsure how to answer this question, answer N. 20eaf06b24SDan Rosenberg 211da177e4SLinus Torvaldsconfig SECURITY 221da177e4SLinus Torvalds bool "Enable different security models" 232c40579bSAdrian Bunk depends on SYSFS 242813893fSIulia Manda depends on MULTIUSER 251da177e4SLinus Torvalds help 261da177e4SLinus Torvalds This allows you to choose different security modules to be 271da177e4SLinus Torvalds configured into your kernel. 281da177e4SLinus Torvalds 291da177e4SLinus Torvalds If this option is not selected, the default Linux security 301da177e4SLinus Torvalds model will be used. 311da177e4SLinus Torvalds 321da177e4SLinus Torvalds If you are unsure how to answer this question, answer N. 331da177e4SLinus Torvalds 34da31894eSEric Parisconfig SECURITYFS 35da31894eSEric Paris bool "Enable the securityfs filesystem" 36da31894eSEric Paris help 37da31894eSEric Paris This will build the securityfs filesystem. It is currently used by 383323eec9SMimi Zohar the TPM bios character driver and IMA, an integrity provider. It is 393323eec9SMimi Zohar not used by SELinux or SMACK. 40da31894eSEric Paris 41da31894eSEric Paris If you are unsure how to answer this question, answer N. 42da31894eSEric Paris 431da177e4SLinus Torvaldsconfig SECURITY_NETWORK 441da177e4SLinus Torvalds bool "Socket and Networking Security Hooks" 451da177e4SLinus Torvalds depends on SECURITY 461da177e4SLinus Torvalds help 471da177e4SLinus Torvalds This enables the socket and networking security hooks. 481da177e4SLinus Torvalds If enabled, a security module can use these hooks to 491da177e4SLinus Torvalds implement socket and networking access controls. 501da177e4SLinus Torvalds If you are unsure how to answer this question, answer N. 511da177e4SLinus Torvalds 52df71837dSTrent Jaegerconfig SECURITY_NETWORK_XFRM 53df71837dSTrent Jaeger bool "XFRM (IPSec) Networking Security Hooks" 54df71837dSTrent Jaeger depends on XFRM && SECURITY_NETWORK 55df71837dSTrent Jaeger help 56df71837dSTrent Jaeger This enables the XFRM (IPSec) networking security hooks. 57df71837dSTrent Jaeger If enabled, a security module can use these hooks to 58df71837dSTrent Jaeger implement per-packet access controls based on labels 59df71837dSTrent Jaeger derived from IPSec policy. Non-IPSec communications are 60df71837dSTrent Jaeger designated as unlabelled, and only sockets authorized 61df71837dSTrent Jaeger to communicate unlabelled data can send without using 62df71837dSTrent Jaeger IPSec. 63df71837dSTrent Jaeger If you are unsure how to answer this question, answer N. 64df71837dSTrent Jaeger 65be6d3e56SKentaro Takedaconfig SECURITY_PATH 66be6d3e56SKentaro Takeda bool "Security hooks for pathname based access control" 67be6d3e56SKentaro Takeda depends on SECURITY 68be6d3e56SKentaro Takeda help 69be6d3e56SKentaro Takeda This enables the security hooks for pathname based access control. 70be6d3e56SKentaro Takeda If enabled, a security module can use these hooks to 71be6d3e56SKentaro Takeda implement pathname based access controls. 72be6d3e56SKentaro Takeda If you are unsure how to answer this question, answer N. 73be6d3e56SKentaro Takeda 7431625340SJoseph Cihulaconfig INTEL_TXT 7531625340SJoseph Cihula bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" 7669575d38SShane Wang depends on HAVE_INTEL_TXT 7731625340SJoseph Cihula help 7831625340SJoseph Cihula This option enables support for booting the kernel with the 7931625340SJoseph Cihula Trusted Boot (tboot) module. This will utilize 8031625340SJoseph Cihula Intel(R) Trusted Execution Technology to perform a measured launch 8131625340SJoseph Cihula of the kernel. If the system does not support Intel(R) TXT, this 8231625340SJoseph Cihula will have no effect. 8331625340SJoseph Cihula 843c556e41SArnaldo Carvalho de Melo Intel TXT will provide higher assurance of system configuration and 8531625340SJoseph Cihula initial state as well as data reset protection. This is used to 8631625340SJoseph Cihula create a robust initial kernel measurement and verification, which 8731625340SJoseph Cihula helps to ensure that kernel security mechanisms are functioning 8831625340SJoseph Cihula correctly. This level of protection requires a root of trust outside 8931625340SJoseph Cihula of the kernel itself. 9031625340SJoseph Cihula 9131625340SJoseph Cihula Intel TXT also helps solve real end user concerns about having 9231625340SJoseph Cihula confidence that their hardware is running the VMM or kernel that 933c556e41SArnaldo Carvalho de Melo it was configured with, especially since they may be responsible for 9431625340SJoseph Cihula providing such assurances to VMs and services running on it. 9531625340SJoseph Cihula 9631625340SJoseph Cihula See <http://www.intel.com/technology/security/> for more information 9731625340SJoseph Cihula about Intel(R) TXT. 9831625340SJoseph Cihula See <http://tboot.sourceforge.net> for more information about tboot. 9931625340SJoseph Cihula See Documentation/intel_txt.txt for a description of how to enable 10031625340SJoseph Cihula Intel TXT support in a kernel boot. 10131625340SJoseph Cihula 10231625340SJoseph Cihula If you are unsure as to whether this is required, answer N. 10331625340SJoseph Cihula 104788084abSEric Parisconfig LSM_MMAP_MIN_ADDR 105024e6cb4SAndreas Schwab int "Low address space for LSM to protect from user allocation" 106788084abSEric Paris depends on SECURITY && SECURITY_SELINUX 107530b099dSColin Cross default 32768 if ARM || (ARM64 && COMPAT) 108a58578e4SDave Jones default 65536 109788084abSEric Paris help 110788084abSEric Paris This is the portion of low virtual memory which should be protected 111788084abSEric Paris from userspace allocation. Keeping a user from writing to low pages 112788084abSEric Paris can help reduce the impact of kernel NULL pointer bugs. 113788084abSEric Paris 114788084abSEric Paris For most ia64, ppc64 and x86 users with lots of address space 115788084abSEric Paris a value of 65536 is reasonable and should cause no problems. 116788084abSEric Paris On arm and other archs it should not be higher than 32768. 117788084abSEric Paris Programs which use vm86 functionality or have some need to map 118788084abSEric Paris this low address space will need the permission specific to the 119788084abSEric Paris systems running LSM. 120788084abSEric Paris 1211da177e4SLinus Torvaldssource security/selinux/Kconfig 122e114e473SCasey Schauflersource security/smack/Kconfig 12300d7d6f8SKentaro Takedasource security/tomoyo/Kconfig 124f9ad1af5SJohn Johansensource security/apparmor/Kconfig 1252d514487SKees Cooksource security/yama/Kconfig 1261da177e4SLinus Torvalds 127f381c272SMimi Zoharsource security/integrity/Kconfig 1283323eec9SMimi Zohar 1296e65f92fSJohn Johansenchoice 1306e65f92fSJohn Johansen prompt "Default security module" 1316e65f92fSJohn Johansen default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX 1326e65f92fSJohn Johansen default DEFAULT_SECURITY_SMACK if SECURITY_SMACK 1336e65f92fSJohn Johansen default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO 134f9ad1af5SJohn Johansen default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR 1352d514487SKees Cook default DEFAULT_SECURITY_YAMA if SECURITY_YAMA 1366e65f92fSJohn Johansen default DEFAULT_SECURITY_DAC 1376e65f92fSJohn Johansen 1386e65f92fSJohn Johansen help 1396e65f92fSJohn Johansen Select the security module that will be used by default if the 1406e65f92fSJohn Johansen kernel parameter security= is not specified. 1416e65f92fSJohn Johansen 1426e65f92fSJohn Johansen config DEFAULT_SECURITY_SELINUX 1436e65f92fSJohn Johansen bool "SELinux" if SECURITY_SELINUX=y 1446e65f92fSJohn Johansen 1456e65f92fSJohn Johansen config DEFAULT_SECURITY_SMACK 1466e65f92fSJohn Johansen bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y 1476e65f92fSJohn Johansen 1486e65f92fSJohn Johansen config DEFAULT_SECURITY_TOMOYO 1496e65f92fSJohn Johansen bool "TOMOYO" if SECURITY_TOMOYO=y 1506e65f92fSJohn Johansen 151f9ad1af5SJohn Johansen config DEFAULT_SECURITY_APPARMOR 152f9ad1af5SJohn Johansen bool "AppArmor" if SECURITY_APPARMOR=y 153f9ad1af5SJohn Johansen 1542d514487SKees Cook config DEFAULT_SECURITY_YAMA 1552d514487SKees Cook bool "Yama" if SECURITY_YAMA=y 1562d514487SKees Cook 1576e65f92fSJohn Johansen config DEFAULT_SECURITY_DAC 1586e65f92fSJohn Johansen bool "Unix Discretionary Access Controls" 1596e65f92fSJohn Johansen 1606e65f92fSJohn Johansenendchoice 1616e65f92fSJohn Johansen 1626e65f92fSJohn Johansenconfig DEFAULT_SECURITY 1636e65f92fSJohn Johansen string 1646e65f92fSJohn Johansen default "selinux" if DEFAULT_SECURITY_SELINUX 1656e65f92fSJohn Johansen default "smack" if DEFAULT_SECURITY_SMACK 1666e65f92fSJohn Johansen default "tomoyo" if DEFAULT_SECURITY_TOMOYO 167f9ad1af5SJohn Johansen default "apparmor" if DEFAULT_SECURITY_APPARMOR 1682d514487SKees Cook default "yama" if DEFAULT_SECURITY_YAMA 1696e65f92fSJohn Johansen default "" if DEFAULT_SECURITY_DAC 1706e65f92fSJohn Johansen 1711da177e4SLinus Torvaldsendmenu 1721da177e4SLinus Torvalds 173