#
# Security configuration
#

menu "Security options"

config KEYS
	bool "Enable access key retention support"
	help
	  This option provides support for retaining authentication tokens and
	  access keys in the kernel.

	  It also includes provision of methods by which such keys might be
	  associated with a process so that network filesystems, encryption
	  support and the like can find them.

	  Furthermore, a special type of key is available that acts as keyring:
	  a searchable sequence of keys. Each process is equipped with access
	  to five standard keyrings: UID-specific, GID-specific, session,
	  process and thread.

	  If you are unsure as to whether this is required, answer N.

config KEYS_DEBUG_PROC_KEYS
	bool "Enable the /proc/keys file by which keys may be viewed"
	depends on KEYS
	help
	  This option turns on support for the /proc/keys file - through which
	  can be listed all the keys on the system that are viewable by the
	  reading process.

	  The only keys included in the list are those that grant View
	  permission to the reading process whether or not it possesses them.
	  Note that LSM security checks are still performed, and may further
	  filter out keys that the current process is not authorised to view.

	  Only key attributes are listed here; key payloads are not included in
	  the resulting table.

	  If you are unsure as to whether this is required, answer N.

config SECURITY_DMESG_RESTRICT
	bool "Restrict unprivileged access to the kernel syslog"
	default n
	help
	  This enforces restrictions on unprivileged users reading the kernel
	  syslog via dmesg(8).

	  If this option is not selected, no restrictions will be enforced
	  unless the dmesg_restrict sysctl is explicitly set to (1).

	  If you are unsure how to answer this question, answer N.

config SECURITY
	bool "Enable different security models"
	depends on SYSFS
	help
	  This allows you to choose different security modules to be
	  configured into your kernel.

	  If this option is not selected, the default Linux security
	  model will be used.

	  If you are unsure how to answer this question, answer N.

config SECURITYFS
	bool "Enable the securityfs filesystem"
	help
	  This will build the securityfs filesystem.  It is currently used by
	  the TPM bios character driver and IMA, an integrity provider.  It is
	  not used by SELinux or SMACK.

	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK
	bool "Socket and Networking Security Hooks"
	depends on SECURITY
	help
	  This enables the socket and networking security hooks.
	  If enabled, a security module can use these hooks to
	  implement socket and networking access controls.
	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK_XFRM
	bool "XFRM (IPSec) Networking Security Hooks"
	depends on XFRM && SECURITY_NETWORK
	help
	  This enables the XFRM (IPSec) networking security hooks.
	  If enabled, a security module can use these hooks to
	  implement per-packet access controls based on labels
	  derived from IPSec policy.  Non-IPSec communications are
	  designated as unlabelled, and only sockets authorized
	  to communicate unlabelled data can send without using
	  IPSec.
	  If you are unsure how to answer this question, answer N.

config SECURITY_PATH
	bool "Security hooks for pathname based access control"
	depends on SECURITY
	help
	  This enables the security hooks for pathname based access control.
	  If enabled, a security module can use these hooks to
	  implement pathname based access controls.
	  If you are unsure how to answer this question, answer N.

config INTEL_TXT
	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
	depends on HAVE_INTEL_TXT
	help
	  This option enables support for booting the kernel with the
	  Trusted Boot (tboot) module. This will utilize
	  Intel(R) Trusted Execution Technology to perform a measured launch
	  of the kernel. If the system does not support Intel(R) TXT, this
	  will have no effect.

	  Intel TXT will provide higher assurance of system configuration and
	  initial state as well as data reset protection.  This is used to
	  create a robust initial kernel measurement and verification, which
	  helps to ensure that kernel security mechanisms are functioning
	  correctly. This level of protection requires a root of trust outside
	  of the kernel itself.

	  Intel TXT also helps solve real end user concerns about having
	  confidence that their hardware is running the VMM or kernel that
	  it was configured with, especially since they may be responsible for
	  providing such assurances to VMs and services running on it.

	  See <http://www.intel.com/technology/security/> for more information
	  about Intel(R) TXT.
	  See <http://tboot.sourceforge.net> for more information about tboot.
	  See Documentation/intel_txt.txt for a description of how to enable
	  Intel TXT support in a kernel boot.

	  If you are unsure as to whether this is required, answer N.

config LSM_MMAP_MIN_ADDR
	int "Low address space for LSM to protect from user allocation"
	depends on SECURITY && SECURITY_SELINUX
	default 65536
	help
	  This is the portion of low virtual memory which should be protected
	  from userspace allocation.  Keeping a user from writing to low pages
	  can help reduce the impact of kernel NULL pointer bugs.

	  For most ia64, ppc64 and x86 users with lots of address space
	  a value of 65536 is reasonable and should cause no problems.
	  On arm and other archs it should not be higher than 32768.
	  Programs which use vm86 functionality or have some need to map
	  this low address space will need the permission specific to the
	  systems running LSM.

source security/selinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
source security/apparmor/Kconfig

source security/integrity/ima/Kconfig

choice
	prompt "Default security module"
	default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
	default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
	default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
	default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
	default DEFAULT_SECURITY_DAC

	help
	  Select the security module that will be used by default if the
	  kernel parameter security= is not specified.

	config DEFAULT_SECURITY_SELINUX
		bool "SELinux" if SECURITY_SELINUX=y

	config DEFAULT_SECURITY_SMACK
		bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y

	config DEFAULT_SECURITY_TOMOYO
		bool "TOMOYO" if SECURITY_TOMOYO=y

	config DEFAULT_SECURITY_APPARMOR
		bool "AppArmor" if SECURITY_APPARMOR=y

	config DEFAULT_SECURITY_DAC
		bool "Unix Discretionary Access Controls"

endchoice

config DEFAULT_SECURITY
	string
	default "selinux" if DEFAULT_SECURITY_SELINUX
	default "smack" if DEFAULT_SECURITY_SMACK
	default "tomoyo" if DEFAULT_SECURITY_TOMOYO
	default "apparmor" if DEFAULT_SECURITY_APPARMOR
	default "" if DEFAULT_SECURITY_DAC

endmenu
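
Added example, not part of the kernel tree: a small audit of a built kernel's .config against the options defined above (dmesg restriction, /proc/keys, LSM_MMAP_MIN_ADDR, default security module). The function names, the finding texts and the sample .config fragment are constructed for illustration; the thresholds are the ones stated in the help texts.

```shell
# Added example: audit a kernel .config for the options in this Kconfig file.
# sample_config prints a constructed .config fragment (illustrative values).
sample_config() {
cat <<'EOF'
CONFIG_KEYS_DEBUG_PROC_KEYS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_LSM_MMAP_MIN_ADDR=65536
CONFIG_DEFAULT_SECURITY=""
EOF
}

# cfg_value SYMBOL: read a .config on stdin and print the symbol's value with
# quotes stripped. Prints nothing when the symbol is absent or "is not set".
cfg_value() { sed -n "s/^CONFIG_$1=//p" | tail -n 1 | tr -d '"'; }

# audit_config ARCH: read a .config on stdin, print one finding per line.
audit_config() {
    arch=$1; cfg=$(cat)
    get() { printf '%s\n' "$cfg" | cfg_value "$1"; }
    [ "$(get SECURITY_DMESG_RESTRICT)" = y ] ||
        echo "DMESG: syslog unrestricted unless sysctl dmesg_restrict is set to 1"
    [ "$(get KEYS_DEBUG_PROC_KEYS)" = y ] &&
        echo "KEYS: /proc/keys enabled (lists key attributes, not payloads)"
    min=$(get LSM_MMAP_MIN_ADDR)
    case $min in
        ''|*[!0-9]*) echo "MMAP: LSM_MMAP_MIN_ADDR absent or not an integer" ;;
        0) echo "MMAP: 0 leaves low pages open to userspace allocation" ;;
        *) case $arch in
               ia64|ppc64|x86) [ "$min" -lt 65536 ] &&
                   echo "MMAP: $min is below the 65536 suggested for $arch" ;;
               *) [ "$min" -gt 32768 ] &&
                   echo "MMAP: $min exceeds the 32768 ceiling for $arch" ;;
           esac ;;
    esac
    lsm=$(get DEFAULT_SECURITY)
    if [ -n "$lsm" ]; then echo "LSM: default module is $lsm"
    else echo "LSM: no default module (DAC only) unless security= is given"
    fi
}

sample_config | audit_config x86
```

To audit a real build, feed the build's .config to audit_config on stdin in place of sample_config, with the target architecture as the argument.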