# SPDX-License-Identifier: GPL-2.0-only
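# TOMOYO Linux: pathname-based mandatory access control.
# Access control is activated after the userspace policy loader has been
# called (SECURITY_TOMOYO_POLICY_LOADER); SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
# instead activates enforcement from the built-in policy alone.
# A bool option defaults to n, so no explicit "default n" is needed.
config SECURITY_TOMOYO
	bool "TOMOYO Linux Support"
	depends on SECURITY
	depends on NET
	select SECURITYFS
	select SECURITY_PATH
	select SECURITY_NETWORK
	select SRCU
	select BUILD_BIN2C
	help
	  This selects TOMOYO Linux, pathname-based access control.
	  Required userspace tools and further information may be
	  found at <http://tomoyo.sourceforge.jp/>.
	  If you are unsure how to answer this question, answer N.
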
# Upper bound on ACL entries that "learning mode" may append on its own;
# overridable at run time (this is only the default).
config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
	int "Default maximal count for learning mode"
	depends on SECURITY_TOMOYO
	range 0 2147483647
	default 2048
	help
	  Default upper bound on the number of ACL entries that are
	  automatically appended to the policy while in "learning mode".
	  Some programs access thousands of objects, so running such
	  programs in "learning mode" slows the system down and consumes
	  a lot of memory. This limit is the safeguard against that.

# Upper bound on audit-log entries kept in kernel memory; 0 disables
# retention for deployments that do not consume the audit log.
config SECURITY_TOMOYO_MAX_AUDIT_LOG
	int "Default maximal count for audit log"
	depends on SECURITY_TOMOYO
	range 0 2147483647
	default 1024
	help
	  Default upper bound on the number of audit-log entries the
	  kernel keeps in memory.
	  The log is read via /sys/kernel/security/tomoyo/audit.
	  If you do not need audit logs, you may set this value to 0.

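# Enforce from the built-in policy immediately instead of waiting for the
# userspace loader, so that nothing runs unconfined before policy is loaded.
# A bool option defaults to n, so no explicit "default n" is needed.
config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	bool "Activate without calling userspace policy loader."
	depends on SECURITY_TOMOYO
	help
	  Say Y here if you want to activate access control as soon as the
	  built-in policy has been loaded. This option is useful for systems
	  where operations which can lead to the hijacking of the boot
	  sequence are needed before loading the policy. For example, you
	  can activate immediately after loading the fixed part of policy,
	  which will allow only the operations needed for mounting a
	  partition which contains the variant part of policy, verifying it
	  (e.g. running a GPG check) and loading the variant part of policy.
	  Since you can start using enforcing mode from the beginning, you
	  can reduce the possibility of hijacking the boot sequence.
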
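# Pathname of the userspace program called to load policy before activation.
# Because TOMOYO_loader= on the kernel command line overrides this value,
# the effective loader depends on command-line integrity as well as on
# this setting.
config SECURITY_TOMOYO_POLICY_LOADER
	string "Location of userspace policy loader"
	default "/sbin/tomoyo-init"
	depends on SECURITY_TOMOYO
	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of the policy loader, which is called
	  before activation. You can override this setting via the
	  TOMOYO_loader= kernel command line option.
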
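# Pathname whose execution triggers the call to the policy loader.
# It must match the real init program; TOMOYO_trigger= on the kernel
# command line overrides it, so a non-default init= should be paired with
# a matching TOMOYO_trigger=.
config SECURITY_TOMOYO_ACTIVATION_TRIGGER
	string "Trigger for calling userspace policy loader"
	default "/sbin/init"
	depends on SECURITY_TOMOYO
	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of the activation trigger.
	  You can override this setting via the TOMOYO_trigger= kernel
	  command line option. For example, if you pass the init=/bin/systemd
	  option, you may also want to pass TOMOYO_trigger=/bin/systemd.
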
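# Fuzzing-only: minimal built-in policy with the domain/program checks for
# run-time policy modification disabled. Not for production kernels.
# A bool option defaults to n, so no explicit "default n" is needed.
config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
	bool "Use insecure built-in settings for fuzzing tests."
	depends on SECURITY_TOMOYO
	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  Enabling this option forces a minimal built-in policy and disables
	  the domain/program checks for run-time policy modifications. It
	  also selects SECURITY_TOMOYO_OMIT_USERSPACE_LOADER, so no userspace
	  policy loader is called. Please enable this option only if this
	  kernel is built for doing fuzzing tests.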