xref: /openbmc/linux/security/tomoyo/Kconfig (revision fa17087e)
1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only
# Master switch for the TOMOYO LSM (pathname-based access control).
# Needs the LSM framework (SECURITY) and networking (NET); turning it on
# pulls in securityfs plus the pathname and network security hooks.
# No explicit default: a bool symbol without one is already n.
config SECURITY_TOMOYO
	bool "TOMOYO Linux Support"
	depends on SECURITY && NET
	select SECURITY_NETWORK
	select SECURITY_PATH
	select SECURITYFS
	help
	  This selects TOMOYO Linux, pathname-based access control.
	  Required userspace tools and further information may be
	  found at <https://tomoyo.osdn.jp/>.
	  If you are unsure how to answer this question, answer N.
150e4ae0e0STetsuo Handa
# Build-time default for the cap on ACL entries that "learning mode" may
# append to the policy automatically. The cap bounds the memory and
# responsiveness cost described in the help text.
# Learned entries mirror whatever the program did while it was observed, so
# review the resulting policy before switching that domain to enforcing.
# NOTE(review): presumably accesses past the cap are simply not learned, which
# would leave the learned policy incomplete - confirm.
config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
	int "Default maximal count for learning mode"
	depends on SECURITY_TOMOYO
	range 0 2147483647
	default 2048
	help
	  This is the default value for maximal ACL entries
	  that are automatically appended into policy at "learning mode".
	  Some programs access thousands of objects, so running
	  such programs in "learning mode" dulls the system response
	  and consumes much memory.
	  This is the safeguard for such programs.
280e4ae0e0STetsuo Handa
# Build-time default for the number of audit-log entries the kernel keeps in
# memory; they are read back through securityfs at the path in the help text.
# With 0 nothing is retained, so TOMOYO decisions leave no trace in this log:
# choose 0 only when another audit path already covers these events.
# NOTE(review): what happens once the cap is reached (new entries dropped or
# old ones overwritten) is not stated here - confirm before relying on this
# log for incident response, and size the cap for how often it is drained.
config SECURITY_TOMOYO_MAX_AUDIT_LOG
	int "Default maximal count for audit log"
	depends on SECURITY_TOMOYO
	range 0 2147483647
	default 1024
	help
	  This is the default value for maximal entries for
	  audit logs that the kernel can hold on memory.
	  You can read the log via /sys/kernel/security/tomoyo/audit.
	  If you don't need audit logs, you may set this value to 0.
390e4ae0e0STetsuo Handa
# Y means access control is activated straight from the built-in policy, with
# no userspace loader step. SECURITY_TOMOYO_POLICY_LOADER and
# SECURITY_TOMOYO_ACTIVATION_TRIGGER both depend on this being off, so they
# disappear from the configuration when it is set.
# The built-in policy then becomes the starting point of enforcement; it
# should allow only what early boot needs to mount, verify and load the
# variable part of the policy, as the help text describes.
# No explicit default: a bool symbol without one is already n.
config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	bool "Activate without calling userspace policy loader."
	depends on SECURITY_TOMOYO
	help
	  Say Y here if you want to activate access control as soon as built-in
	  policy was loaded. This option will be useful for systems where
	  operations which can lead to the hijacking of the boot sequence are
	  needed before loading the policy. For example, you can activate
	  immediately after loading the fixed part of policy which will allow
	  only operations needed for mounting a partition which contains the
	  variant part of policy and verifying (e.g. running GPG check) and
	  loading the variant part of policy. Since you can start using
	  enforcing mode from the beginning, you can reduce the possibility of
	  hijacking the boot sequence.
550e4ae0e0STetsuo Handa
# Pathname of the userspace program that is run before TOMOYO is activated.
# Only offered when the userspace loader is in use (OMIT_USERSPACE_LOADER off).
# Both the binary at this path and the kernel command line (TOMOYO_loader=)
# decide which policy gets loaded, so both belong to the trusted boot path:
# keep the loader on verified or read-only storage and restrict who can edit
# boot parameters.
# NOTE(review): confirm what happens when the loader is missing at boot; if
# activation is skipped in that case, the system comes up without enforcement
# and that condition should be monitored.
config SECURITY_TOMOYO_POLICY_LOADER
	string "Location of userspace policy loader"
	depends on SECURITY_TOMOYO && !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	default "/sbin/tomoyo-init"
	help
	  This is the default pathname of policy loader which is called before
	  activation. You can override this setting via TOMOYO_loader= kernel
	  command line option.
650e4ae0e0STetsuo Handa
# Pathname that triggers the call to the userspace policy loader.
# Only offered when the userspace loader is in use (OMIT_USERSPACE_LOADER off).
# The trigger has to match the init program the system really starts: a boot
# that passes init= without a matching TOMOYO_trigger= is the mismatch the
# help text warns about.
# NOTE(review): presumably a trigger that never matches means the loader is
# never called and the policy is never activated - confirm, and check the
# activation state after any change to init= or to this value.
config SECURITY_TOMOYO_ACTIVATION_TRIGGER
	string "Trigger for calling userspace policy loader"
	depends on SECURITY_TOMOYO && !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	default "/sbin/init"
	help
	  This is the default pathname of activation trigger.
	  You can override this setting via TOMOYO_trigger= kernel command line
	  option. For example, if you pass init=/bin/systemd option, you may
	  want to also pass TOMOYO_trigger=/bin/systemd option.
76e80b1859STetsuo Handa
# Fuzzing-only switch. It forces a minimal built-in policy and turns off the
# domain/program checks that normally gate run-time policy modification, so a
# kernel built with it gives no meaningful TOMOYO protection.
# It also selects SECURITY_TOMOYO_OMIT_USERSPACE_LOADER, which hides the
# loader and trigger options.
# Release builds should check that
# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set.
# No explicit default: a bool symbol without one is already n.
config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
	bool "Use insecure built-in settings for fuzzing tests."
	depends on SECURITY_TOMOYO
	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  Enabling this option forces minimal built-in policy and disables
	  domain/program checks for run-time policy modifications. Please enable
	  this option only if this kernel is built for doing fuzzing tests.