1*90945448SMickaël Salaün# SPDX-License-Identifier: GPL-2.0-only 2*90945448SMickaël Salaün 3*90945448SMickaël Salaünconfig SECURITY_LANDLOCK 4*90945448SMickaël Salaün bool "Landlock support" 5*90945448SMickaël Salaün depends on SECURITY 6*90945448SMickaël Salaün select SECURITY_PATH 7*90945448SMickaël Salaün help 8*90945448SMickaël Salaün Landlock is a sandboxing mechanism that enables processes to restrict 9*90945448SMickaël Salaün themselves (and their future children) by gradually enforcing 10*90945448SMickaël Salaün tailored access control policies. A Landlock security policy is a 11*90945448SMickaël Salaün set of access rights (e.g. open a file in read-only, make a 12*90945448SMickaël Salaün directory, etc.) tied to a file hierarchy. Such policy can be 13*90945448SMickaël Salaün configured and enforced by any processes for themselves using the 14*90945448SMickaël Salaün dedicated system calls: landlock_create_ruleset(), 15*90945448SMickaël Salaün landlock_add_rule(), and landlock_restrict_self(). 16*90945448SMickaël Salaün 17*90945448SMickaël Salaün See Documentation/userspace-api/landlock.rst for further information. 18*90945448SMickaël Salaün 19*90945448SMickaël Salaün If you are unsure how to answer this question, answer N. Otherwise, 20*90945448SMickaël Salaün you should also prepend "landlock," to the content of CONFIG_LSM to 21*90945448SMickaël Salaün enable Landlock at boot time. 22