190945448SMickaël Salaün# SPDX-License-Identifier: GPL-2.0-only 290945448SMickaël Salaün 390945448SMickaël Salaünconfig SECURITY_LANDLOCK 490945448SMickaël Salaün bool "Landlock support" 574ce793bSMickaël Salaün depends on SECURITY 6fff69fb0SKonstantin Meskhidze select SECURITY_NETWORK 790945448SMickaël Salaün select SECURITY_PATH 890945448SMickaël Salaün help 990945448SMickaël Salaün Landlock is a sandboxing mechanism that enables processes to restrict 1090945448SMickaël Salaün themselves (and their future children) by gradually enforcing 1190945448SMickaël Salaün tailored access control policies. A Landlock security policy is a 1290945448SMickaël Salaün set of access rights (e.g. open a file in read-only, make a 1390945448SMickaël Salaün directory, etc.) tied to a file hierarchy. Such policy can be 1490945448SMickaël Salaün configured and enforced by any processes for themselves using the 1590945448SMickaël Salaün dedicated system calls: landlock_create_ruleset(), 1690945448SMickaël Salaün landlock_add_rule(), and landlock_restrict_self(). 1790945448SMickaël Salaün 1890945448SMickaël Salaün See Documentation/userspace-api/landlock.rst for further information. 1990945448SMickaël Salaün 2090945448SMickaël Salaün If you are unsure how to answer this question, answer N. Otherwise, 2190945448SMickaël Salaün you should also prepend "landlock," to the content of CONFIG_LSM to 2290945448SMickaël Salaün enable Landlock at boot time. 23*b4007fd2SMickaël Salaün 24*b4007fd2SMickaël Salaünconfig SECURITY_LANDLOCK_KUNIT_TEST 25*b4007fd2SMickaël Salaün bool "KUnit tests for Landlock" if !KUNIT_ALL_TESTS 26*b4007fd2SMickaël Salaün depends on KUNIT=y 27*b4007fd2SMickaël Salaün depends on SECURITY_LANDLOCK 28*b4007fd2SMickaël Salaün default KUNIT_ALL_TESTS 29*b4007fd2SMickaël Salaün help 30*b4007fd2SMickaël Salaün Build KUnit tests for Landlock. 31*b4007fd2SMickaël Salaün 32*b4007fd2SMickaël Salaün See the KUnit documentation in Documentation/dev-tools/kunit 33*b4007fd2SMickaël Salaün 34*b4007fd2SMickaël Salaün Run all KUnit tests for Landlock with: 35*b4007fd2SMickaël Salaün ./tools/testing/kunit/kunit.py run --kunitconfig security/landlock 36*b4007fd2SMickaël Salaün 37*b4007fd2SMickaël Salaün If you are unsure how to answer this question, answer N. 38