# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_TOMOYO
	bool "TOMOYO Linux Support"
	depends on SECURITY
	depends on NET
	select SECURITYFS
	select SECURITY_PATH
	select SECURITY_NETWORK
	default n
	help
	  This selects TOMOYO Linux, pathname-based access control.
	  Required userspace tools and further information may be
	  found at <https://tomoyo.osdn.jp/>.
	  If you are unsure how to answer this question, answer N.

config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
	int "Default maximal count for learning mode"
	default 2048
	range 0 2147483647
	depends on SECURITY_TOMOYO
	help
	  This is the default value for maximal ACL entries
	  that are automatically appended into policy at "learning mode".
	  Some programs access thousands of objects, so running
	  such programs in "learning mode" dulls the system response
	  and consumes much memory.
	  This is the safeguard for such programs.

config SECURITY_TOMOYO_MAX_AUDIT_LOG
	int "Default maximal count for audit log"
	default 1024
	range 0 2147483647
	depends on SECURITY_TOMOYO
	help
	  This is the default value for maximal entries for
	  audit logs that the kernel can hold on memory.
	  You can read the log via /sys/kernel/security/tomoyo/audit.
	  If you don't need audit logs, you may set this value to 0.

config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	bool "Activate without calling userspace policy loader."
	default n
	depends on SECURITY_TOMOYO
	help
	  Say Y here if you want to activate access control as soon as built-in
	  policy was loaded. This option will be useful for systems where
	  operations which can lead to the hijacking of the boot sequence are
	  needed before loading the policy. For example, you can activate
	  immediately after loading the fixed part of policy which will allow
	  only operations needed for mounting a partition which contains the
	  variant part of policy and verifying (e.g. running GPG check) and
	  loading the variant part of policy. Since you can start using
	  enforcing mode from the beginning, you can reduce the possibility of
	  hijacking the boot sequence.

config SECURITY_TOMOYO_POLICY_LOADER
	string "Location of userspace policy loader"
	default "/sbin/tomoyo-init"
	depends on SECURITY_TOMOYO
	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of policy loader which is called before
	  activation. You can override this setting via TOMOYO_loader= kernel
	  command line option.

config SECURITY_TOMOYO_ACTIVATION_TRIGGER
	string "Trigger for calling userspace policy loader"
	default "/sbin/init"
	depends on SECURITY_TOMOYO
	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of activation trigger.
	  You can override this setting via TOMOYO_trigger= kernel command line
	  option. For example, if you pass init=/bin/systemd option, you may
	  want to also pass TOMOYO_trigger=/bin/systemd option.

config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
	bool "Use insecure built-in settings for fuzzing tests."
	default n
	depends on SECURITY_TOMOYO
	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  Enabling this option forces minimal built-in policy and disables
	  domain/program checks for run-time policy modifications. Please enable
	  this option only if this kernel is built for doing fuzzing tests.
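
Added example, not part of the kernel tree: a POSIX shell check that reads a built kernel's .config and reports on the TOMOYO options defined above (fuzzing-only setting enabled, audit log disabled, activation trigger not matching the init program in use). The function names, the message wording and the sample .config fragment are constructed for illustration.

```shell
# Audit a kernel .config for the TOMOYO options in this Kconfig file.
# cfg_get and audit_tomoyo_config are hypothetical helper names.

# Print the value of CONFIG_<name> from a .config file (nothing if unset).
cfg_get() {
    sed -n "s/^CONFIG_$2=//p" "$1" | tr -d '"' | head -n 1
}

# Usage: audit_tomoyo_config <.config> [init path, default /sbin/init]
# Prints one finding per line; returns 1 if any finding is a FAIL.
audit_tomoyo_config() {
    cfg=$1; init_path=${2:-/sbin/init}; rc=0
    if [ "$(cfg_get "$cfg" SECURITY_TOMOYO)" != "y" ]; then
        echo "INFO: TOMOYO not built in"
        return 0
    fi
    if [ "$(cfg_get "$cfg" SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING)" = "y" ]; then
        echo "FAIL: INSECURE_BUILTIN_SETTING=y (fuzzing-only build)"
        rc=1
    fi
    if [ "$(cfg_get "$cfg" SECURITY_TOMOYO_MAX_AUDIT_LOG)" = "0" ]; then
        echo "WARN: MAX_AUDIT_LOG=0, kernel keeps no audit log entries"
    fi
    if [ "$(cfg_get "$cfg" SECURITY_TOMOYO_OMIT_USERSPACE_LOADER)" = "y" ]; then
        echo "INFO: activates as soon as built-in policy is loaded"
    else
        trigger=$(cfg_get "$cfg" SECURITY_TOMOYO_ACTIVATION_TRIGGER)
        if [ "$trigger" != "$init_path" ]; then
            echo "WARN: trigger $trigger is not init $init_path; pass TOMOYO_trigger=$init_path"
        fi
    fi
    return $rc
}

# Constructed sample .config fragment (not taken from a real build).
sample_config() {
    cat <<'EOF'
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=0
# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_tomoyo_config "$tmp" /bin/systemd   # system booted with init=/bin/systemd
rm -f "$tmp"
```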