1# SPDX-License-Identifier: GPL-2.0-only 2config SECURITY_TOMOYO 3 bool "TOMOYO Linux Support" 4 depends on SECURITY 5 depends on NET 6 select SECURITYFS 7 select SECURITY_PATH 8 select SECURITY_NETWORK 9 default n 10 help 11 This selects TOMOYO Linux, pathname-based access control. 12 Required userspace tools and further information may be 13 found at <https://tomoyo.sourceforge.net/>. 14 If you are unsure how to answer this question, answer N. 15 16config SECURITY_TOMOYO_LKM 17 bool "Cut out most of TOMOYO's code to a loadable kernel module" 18 default n 19 depends on SECURITY_TOMOYO 20 depends on MODULES 21 help 22 Say Y here if you want to include TOMOYO without bloating 23 vmlinux file. If you say Y, most of TOMOYO code is cut out to 24 a loadable kernel module named tomoyo.ko . This option will be 25 useful for kernels built by Linux distributors where TOMOYO is 26 included but TOMOYO is not enabled by default. Please be sure 27 to explicitly load tomoyo.ko if you want to activate TOMOYO 28 without calling userspace policy loader, for tomoyo.ko is 29 loaded immediately before calling userspace policy loader. 30 31config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY 32 int "Default maximal count for learning mode" 33 default 2048 34 range 0 2147483647 35 depends on SECURITY_TOMOYO 36 help 37 This is the default value for maximal ACL entries 38 that are automatically appended into policy at "learning mode". 39 Some programs access thousands of objects, so running 40 such programs in "learning mode" dulls the system response 41 and consumes much memory. 42 This is the safeguard for such programs. 43 44config SECURITY_TOMOYO_MAX_AUDIT_LOG 45 int "Default maximal count for audit log" 46 default 1024 47 range 0 2147483647 48 depends on SECURITY_TOMOYO 49 help 50 This is the default value for maximal entries for 51 audit logs that the kernel can hold on memory. 52 You can read the log via /sys/kernel/security/tomoyo/audit. 53 If you don't need audit logs, you may set this value to 0. 54 55config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 56 bool "Activate without calling userspace policy loader." 57 default n 58 depends on SECURITY_TOMOYO 59 help 60 Say Y here if you want to activate access control as soon as built-in 61 policy was loaded. This option will be useful for systems where 62 operations which can lead to the hijacking of the boot sequence are 63 needed before loading the policy. For example, you can activate 64 immediately after loading the fixed part of policy which will allow 65 only operations needed for mounting a partition which contains the 66 variant part of policy and verifying (e.g. running GPG check) and 67 loading the variant part of policy. Since you can start using 68 enforcing mode from the beginning, you can reduce the possibility of 69 hijacking the boot sequence. 70 71config SECURITY_TOMOYO_POLICY_LOADER 72 string "Location of userspace policy loader" 73 default "/sbin/tomoyo-init" 74 depends on SECURITY_TOMOYO 75 depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 76 help 77 This is the default pathname of policy loader which is called before 78 activation. You can override this setting via TOMOYO_loader= kernel 79 command line option. 80 81config SECURITY_TOMOYO_ACTIVATION_TRIGGER 82 string "Trigger for calling userspace policy loader" 83 default "/sbin/init" 84 depends on SECURITY_TOMOYO 85 depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 86 help 87 This is the default pathname of activation trigger. 88 You can override this setting via TOMOYO_trigger= kernel command line 89 option. For example, if you pass init=/bin/systemd option, you may 90 want to also pass TOMOYO_trigger=/bin/systemd option. 91 92config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING 93 bool "Use insecure built-in settings for fuzzing tests." 94 default n 95 depends on SECURITY_TOMOYO 96 select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 97 help 98 Enabling this option forces minimal built-in policy and disables 99 domain/program checks for run-time policy modifications. Please enable 100 this option only if this kernel is built for doing fuzzing tests. 101