Contents of /alx-src/tags/kernel26-2.6.12-alx-r9/security/Kconfig
Parent Directory | Revision Log
Revision 630 -
(show annotations)
(download)
Wed Mar 4 11:03:09 2009 UTC (15 years, 6 months ago) by niro
File size: 2803 byte(s)
Wed Mar 4 11:03:09 2009 UTC (15 years, 6 months ago) by niro
File size: 2803 byte(s)
Tag kernel26-2.6.12-alx-r9
1 | # |
2 | # Security configuration |
3 | # |
4 | |
5 | menu "Security options" |
6 | |
7 | config KEYS |
8 | bool "Enable access key retention support" |
9 | help |
10 | This option provides support for retaining authentication tokens and |
11 | access keys in the kernel. |
12 | |
13 | It also includes provision of methods by which such keys might be |
14 | associated with a process so that network filesystems, encryption |
15 | support and the like can find them. |
16 | |
17 | Furthermore, a special type of key is available that acts as keyring: |
18 | a searchable sequence of keys. Each process is equipped with access |
19 | to five standard keyrings: UID-specific, GID-specific, session, |
20 | process and thread. |
21 | |
22 | If you are unsure as to whether this is required, answer N. |
23 | |
24 | config KEYS_DEBUG_PROC_KEYS |
25 | bool "Enable the /proc/keys file by which all keys may be viewed" |
26 | depends on KEYS |
27 | help |
28 | This option turns on support for the /proc/keys file through which |
29 | all the keys on the system can be listed. |
30 | |
31 | This option is a slight security risk in that it makes it possible |
32 | for anyone to see all the keys on the system. Normally the manager |
33 | pretends keys that are inaccessible to a process don't exist as far |
34 | as that process is concerned. |
35 | |
36 | config SECURITY |
37 | bool "Enable different security models" |
38 | help |
39 | This allows you to choose different security modules to be |
40 | configured into your kernel. |
41 | |
42 | If this option is not selected, the default Linux security |
43 | model will be used. |
44 | |
45 | If you are unsure how to answer this question, answer N. |
46 | |
47 | config SECURITY_NETWORK |
48 | bool "Socket and Networking Security Hooks" |
49 | depends on SECURITY |
50 | help |
51 | This enables the socket and networking security hooks. |
52 | If enabled, a security module can use these hooks to |
53 | implement socket and networking access controls. |
54 | If you are unsure how to answer this question, answer N. |
55 | |
56 | config SECURITY_CAPABILITIES |
57 | tristate "Default Linux Capabilities" |
58 | depends on SECURITY |
59 | help |
60 | This enables the "default" Linux capabilities functionality. |
61 | If you are unsure how to answer this question, answer Y. |
62 | |
63 | config SECURITY_ROOTPLUG |
64 | tristate "Root Plug Support" |
65 | depends on USB && SECURITY |
66 | help |
67 | This is a sample LSM module that should only be used as such. |
68 | It prevents any programs running with egid == 0 if a specific |
69 | USB device is not present in the system. |
70 | |
71 | See <http://www.linuxjournal.com/article.php?sid=6279> for |
72 | more information about this module. |
73 | |
74 | If you are unsure how to answer this question, answer N. |
75 | |
76 | config SECURITY_SECLVL |
77 | tristate "BSD Secure Levels" |
78 | depends on SECURITY |
79 | select CRYPTO |
80 | select CRYPTO_SHA1 |
81 | help |
82 | Implements BSD Secure Levels as an LSM. See |
83 | <file:Documentation/seclvl.txt> for instructions on how to use this |
84 | module. |
85 | |
86 | If you are unsure how to answer this question, answer N. |
87 | |
88 | source security/selinux/Kconfig |
89 | |
90 | endmenu |
91 |