11da177e4SLinus Torvalds# 21da177e4SLinus Torvalds# Security configuration 31da177e4SLinus Torvalds# 41da177e4SLinus Torvalds 51da177e4SLinus Torvaldsmenu "Security options" 61da177e4SLinus Torvalds 71da177e4SLinus Torvaldsconfig KEYS 81da177e4SLinus Torvalds bool "Enable access key retention support" 91da177e4SLinus Torvalds help 101da177e4SLinus Torvalds This option provides support for retaining authentication tokens and 111da177e4SLinus Torvalds access keys in the kernel. 121da177e4SLinus Torvalds 131da177e4SLinus Torvalds It also includes provision of methods by which such keys might be 141da177e4SLinus Torvalds associated with a process so that network filesystems, encryption 151da177e4SLinus Torvalds support and the like can find them. 161da177e4SLinus Torvalds 171da177e4SLinus Torvalds Furthermore, a special type of key is available that acts as keyring: 181da177e4SLinus Torvalds a searchable sequence of keys. Each process is equipped with access 191da177e4SLinus Torvalds to five standard keyrings: UID-specific, GID-specific, session, 201da177e4SLinus Torvalds process and thread. 211da177e4SLinus Torvalds 221da177e4SLinus Torvalds If you are unsure as to whether this is required, answer N. 231da177e4SLinus Torvalds 241da177e4SLinus Torvaldsconfig KEYS_DEBUG_PROC_KEYS 2506ec7be5SMichael LeMay bool "Enable the /proc/keys file by which keys may be viewed" 261da177e4SLinus Torvalds depends on KEYS 271da177e4SLinus Torvalds help 2806ec7be5SMichael LeMay This option turns on support for the /proc/keys file - through which 2906ec7be5SMichael LeMay can be listed all the keys on the system that are viewable by the 3006ec7be5SMichael LeMay reading process. 311da177e4SLinus Torvalds 3206ec7be5SMichael LeMay The only keys included in the list are those that grant View 3306ec7be5SMichael LeMay permission to the reading process whether or not it possesses them. 3406ec7be5SMichael LeMay Note that LSM security checks are still performed, and may further 3506ec7be5SMichael LeMay filter out keys that the current process is not authorised to view. 3606ec7be5SMichael LeMay 3706ec7be5SMichael LeMay Only key attributes are listed here; key payloads are not included in 3806ec7be5SMichael LeMay the resulting table. 3906ec7be5SMichael LeMay 4006ec7be5SMichael LeMay If you are unsure as to whether this is required, answer N. 411da177e4SLinus Torvalds 421da177e4SLinus Torvaldsconfig SECURITY 431da177e4SLinus Torvalds bool "Enable different security models" 442c40579bSAdrian Bunk depends on SYSFS 451da177e4SLinus Torvalds help 461da177e4SLinus Torvalds This allows you to choose different security modules to be 471da177e4SLinus Torvalds configured into your kernel. 481da177e4SLinus Torvalds 491da177e4SLinus Torvalds If this option is not selected, the default Linux security 501da177e4SLinus Torvalds model will be used. 511da177e4SLinus Torvalds 521da177e4SLinus Torvalds If you are unsure how to answer this question, answer N. 531da177e4SLinus Torvalds 541da177e4SLinus Torvaldsconfig SECURITY_NETWORK 551da177e4SLinus Torvalds bool "Socket and Networking Security Hooks" 561da177e4SLinus Torvalds depends on SECURITY 571da177e4SLinus Torvalds help 581da177e4SLinus Torvalds This enables the socket and networking security hooks. 591da177e4SLinus Torvalds If enabled, a security module can use these hooks to 601da177e4SLinus Torvalds implement socket and networking access controls. 611da177e4SLinus Torvalds If you are unsure how to answer this question, answer N. 621da177e4SLinus Torvalds 63df71837dSTrent Jaegerconfig SECURITY_NETWORK_XFRM 64df71837dSTrent Jaeger bool "XFRM (IPSec) Networking Security Hooks" 65df71837dSTrent Jaeger depends on XFRM && SECURITY_NETWORK 66df71837dSTrent Jaeger help 67df71837dSTrent Jaeger This enables the XFRM (IPSec) networking security hooks. 68df71837dSTrent Jaeger If enabled, a security module can use these hooks to 69df71837dSTrent Jaeger implement per-packet access controls based on labels 70df71837dSTrent Jaeger derived from IPSec policy. Non-IPSec communications are 71df71837dSTrent Jaeger designated as unlabelled, and only sockets authorized 72df71837dSTrent Jaeger to communicate unlabelled data can send without using 73df71837dSTrent Jaeger IPSec. 74df71837dSTrent Jaeger If you are unsure how to answer this question, answer N. 75df71837dSTrent Jaeger 76b5376771SSerge E. Hallynconfig SECURITY_FILE_CAPABILITIES 7784aaa7abSAndrew G. Morgan bool "File POSIX Capabilities" 78b5376771SSerge E. Hallyn default n 79b5376771SSerge E. Hallyn help 80b5376771SSerge E. Hallyn This enables filesystem capabilities, allowing you to give 81b5376771SSerge E. Hallyn binaries a subset of root's powers without using setuid 0. 82b5376771SSerge E. Hallyn 83b5376771SSerge E. Hallyn If in doubt, answer N. 84b5376771SSerge E. Hallyn 851da177e4SLinus Torvaldsconfig SECURITY_ROOTPLUG 8620510f2fSJames Morris bool "Root Plug Support" 8720510f2fSJames Morris depends on USB=y && SECURITY 881da177e4SLinus Torvalds help 891da177e4SLinus Torvalds This is a sample LSM module that should only be used as such. 901da177e4SLinus Torvalds It prevents any programs running with egid == 0 if a specific 911da177e4SLinus Torvalds USB device is not present in the system. 921da177e4SLinus Torvalds 931da177e4SLinus Torvalds See <http://www.linuxjournal.com/article.php?sid=6279> for 941da177e4SLinus Torvalds more information about this module. 951da177e4SLinus Torvalds 961da177e4SLinus Torvalds If you are unsure how to answer this question, answer N. 971da177e4SLinus Torvalds 98a5ecbcb8SEric Parisconfig SECURITY_DEFAULT_MMAP_MIN_ADDR 99a5ecbcb8SEric Paris int "Low address space to protect from user allocation" 100a5ecbcb8SEric Paris depends on SECURITY 101a5ecbcb8SEric Paris default 0 102a5ecbcb8SEric Paris help 103a5ecbcb8SEric Paris This is the portion of low virtual memory which should be protected 104a5ecbcb8SEric Paris from userspace allocation. Keeping a user from writing to low pages 105a5ecbcb8SEric Paris can help reduce the impact of kernel NULL pointer bugs. 106a5ecbcb8SEric Paris 1075f46ce14Smaximilian attems For most ia64, ppc64 and x86 users with lots of address space 1085f46ce14Smaximilian attems a value of 65536 is reasonable and should cause no problems. 1095f46ce14Smaximilian attems On arm and other archs it should not be higher than 32768. 1105f46ce14Smaximilian attems Programs which use vm86 functionality would either need additional 1115f46ce14Smaximilian attems permissions from either the LSM or the capabilities module or have 1125f46ce14Smaximilian attems this protection disabled. 113a5ecbcb8SEric Paris 114a5ecbcb8SEric Paris This value can be changed after boot using the 115a5ecbcb8SEric Paris /proc/sys/vm/mmap_min_addr tunable. 116a5ecbcb8SEric Paris 117a5ecbcb8SEric Paris 1181da177e4SLinus Torvaldssource security/selinux/Kconfig 119e114e473SCasey Schauflersource security/smack/Kconfig 1201da177e4SLinus Torvalds 1211da177e4SLinus Torvaldsendmenu 1221da177e4SLinus Torvalds 123