xref: /linux/security/landlock/Kconfig (revision bfb921b2a9d5d1123d1d10b196a39db629ddef87)
1# SPDX-License-Identifier: GPL-2.0-only
2
3config SECURITY_LANDLOCK
4	bool "Landlock support"
5	depends on SECURITY
6	select SECURITY_NETWORK
7	select SECURITY_PATH
8	help
9	  Landlock is a sandboxing mechanism that enables processes to restrict
10	  themselves (and their future children) by gradually enforcing
11	  tailored access control policies.  A Landlock security policy is a
12	  set of access rights (e.g. open a file in read-only, make a
13	  directory, etc.) tied to a file hierarchy.  Such policy can be
14	  configured and enforced by any processes for themselves using the
15	  dedicated system calls: landlock_create_ruleset(),
16	  landlock_add_rule(), and landlock_restrict_self().
17
18	  See Documentation/userspace-api/landlock.rst for further information.
19
20	  If you are unsure how to answer this question, answer N.  Otherwise,
21	  you should also prepend "landlock," to the content of CONFIG_LSM to
22	  enable Landlock at boot time.
23
24config SECURITY_LANDLOCK_KUNIT_TEST
25	bool "KUnit tests for Landlock" if !KUNIT_ALL_TESTS
26	depends on KUNIT=y
27	depends on SECURITY_LANDLOCK
28	default KUNIT_ALL_TESTS
29	help
30	  Build KUnit tests for Landlock.
31
32	  See the KUnit documentation in Documentation/dev-tools/kunit
33
34	  Run all KUnit tests for Landlock with:
35	  ./tools/testing/kunit/kunit.py run --kunitconfig security/landlock
36
37	  If you are unsure how to answer this question, answer N.
38