xref: /linux/security/Kconfig (revision 2c40579bdc2a94977fcff2521d5b53a97c33e77a)
#
# Security configuration
#

menu "Security options"

config KEYS
	bool "Enable access key retention support"
	help
	  This option provides support for retaining authentication tokens and
	  access keys in the kernel.

	  It also includes provision of methods by which such keys might be
	  associated with a process so that network filesystems, encryption
	  support and the like can find them.

	  Furthermore, a special type of key is available that acts as keyring:
	  a searchable sequence of keys. Each process is equipped with access
	  to five standard keyrings: UID-specific, GID-specific, session,
	  process and thread.

	  If you are unsure as to whether this is required, answer N.

config KEYS_DEBUG_PROC_KEYS
	bool "Enable the /proc/keys file by which all keys may be viewed"
	depends on KEYS
	help
	  This option turns on support for the /proc/keys file through which
	  all the keys on the system can be listed.

	  This option is a slight security risk in that it makes it possible
	  for anyone to see all the keys on the system. Normally the manager
	  pretends keys that are inaccessible to a process don't exist as far
	  as that process is concerned.

config SECURITY
	bool "Enable different security models"
	depends on SYSFS
	help
	  This allows you to choose different security modules to be
	  configured into your kernel.

	  If this option is not selected, the default Linux security
	  model will be used.

	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK
	bool "Socket and Networking Security Hooks"
	depends on SECURITY
	help
	  This enables the socket and networking security hooks.
	  If enabled, a security module can use these hooks to
	  implement socket and networking access controls.
	  If you are unsure how to answer this question, answer N.

config SECURITY_CAPABILITIES
	tristate "Default Linux Capabilities"
	depends on SECURITY
	help
	  This enables the "default" Linux capabilities functionality.
	  If you are unsure how to answer this question, answer Y.

config SECURITY_ROOTPLUG
	tristate "Root Plug Support"
	depends on USB && SECURITY
	help
	  This is a sample LSM module that should only be used as such.
	  It prevents any programs running with egid == 0 if a specific
	  USB device is not present in the system.

	  See <http://www.linuxjournal.com/article.php?sid=6279> for
	  more information about this module.

	  If you are unsure how to answer this question, answer N.

config SECURITY_SECLVL
	tristate "BSD Secure Levels"
	depends on SECURITY
	select CRYPTO
	select CRYPTO_SHA1
	help
	  Implements BSD Secure Levels as an LSM.  See
	  <file:Documentation/seclvl.txt> for instructions on how to use this
	  module.

	  If you are unsure how to answer this question, answer N.

source security/selinux/Kconfig

endmenu