#
# Security configuration
#

menu "Security options"

source security/keys/Kconfig

config SECURITY_DMESG_RESTRICT
	bool "Restrict unprivileged access to the kernel syslog"
	default n
	help
	  This enforces restrictions on unprivileged users reading the kernel
	  syslog via dmesg(8).

	  If this option is not selected, no restrictions will be enforced
	  unless the dmesg_restrict sysctl is explicitly set to (1).

	  If you are unsure how to answer this question, answer N.

config SECURITY_PERF_EVENTS_RESTRICT
	bool "Restrict unprivileged use of performance events"
	depends on PERF_EVENTS
	help
	  If you say Y here, the kernel.perf_event_paranoid sysctl
	  will be set to 3 by default, and no unprivileged use of the
	  perf_event_open syscall will be permitted unless it is
	  changed.

config SECURITY
	bool "Enable different security models"
	depends on SYSFS
	help
	  This allows you to choose different security modules to be
	  configured into your kernel.

	  If this option is not selected, the default Linux security
	  model will be used.

	  If you are unsure how to answer this question, answer N.

config SECURITYFS
	bool "Enable the securityfs filesystem"
	help
	  This will build the securityfs filesystem. It is currently used by
	  the TPM bios character driver and IMA, an integrity provider. It is
	  not used by SELinux or SMACK.

	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK
	bool "Socket and Networking Security Hooks"
	depends on SECURITY
	help
	  This enables the socket and networking security hooks.
	  If enabled, a security module can use these hooks to
	  implement socket and networking access controls.
	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK_XFRM
	bool "XFRM (IPSec) Networking Security Hooks"
	depends on XFRM && SECURITY_NETWORK
	help
	  This enables the XFRM (IPSec) networking security hooks.
	  If enabled, a security module can use these hooks to
	  implement per-packet access controls based on labels
	  derived from IPSec policy. Non-IPSec communications are
	  designated as unlabelled, and only sockets authorized
	  to communicate unlabelled data can send without using
	  IPSec.
	  If you are unsure how to answer this question, answer N.

config SECURITY_PATH
	bool "Security hooks for pathname based access control"
	depends on SECURITY
	help
	  This enables the security hooks for pathname based access control.
	  If enabled, a security module can use these hooks to
	  implement pathname based access controls.
	  If you are unsure how to answer this question, answer N.

config INTEL_TXT
	bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
	depends on HAVE_INTEL_TXT
	help
	  This option enables support for booting the kernel with the
	  Trusted Boot (tboot) module. This will utilize
	  Intel(R) Trusted Execution Technology to perform a measured launch
	  of the kernel. If the system does not support Intel(R) TXT, this
	  will have no effect.

	  Intel TXT will provide higher assurance of system configuration and
	  initial state as well as data reset protection. This is used to
	  create a robust initial kernel measurement and verification, which
	  helps to ensure that kernel security mechanisms are functioning
	  correctly. This level of protection requires a root of trust outside
	  of the kernel itself.

	  Intel TXT also helps solve real end user concerns about having
	  confidence that their hardware is running the VMM or kernel that
	  it was configured with, especially since they may be responsible for
	  providing such assurances to VMs and services running on it.

	  See <http://www.intel.com/technology/security/> for more information
	  about Intel(R) TXT.
	  See <http://tboot.sourceforge.net> for more information about tboot.
	  See Documentation/intel_txt.txt for a description of how to enable
	  Intel TXT support in a kernel boot.

	  If you are unsure as to whether this is required, answer N.

config LSM_MMAP_MIN_ADDR
	int "Low address space for LSM to protect from user allocation"
	depends on SECURITY && SECURITY_SELINUX
	default 32768 if ARM || (ARM64 && COMPAT)
	default 65536
	help
	  This is the portion of low virtual memory which should be protected
	  from userspace allocation. Keeping a user from writing to low pages
	  can help reduce the impact of kernel NULL pointer bugs.

	  For most ia64, ppc64 and x86 users with lots of address space
	  a value of 65536 is reasonable and should cause no problems.
	  On arm and other archs it should not be higher than 32768.
	  Programs which use vm86 functionality or have some need to map
	  this low address space will need the permission specific to the
	  systems running LSM.

config HAVE_HARDENED_USERCOPY_ALLOCATOR
	bool
	help
	  The heap allocator implements __check_heap_object() for
	  validating memory ranges against heap object sizes in
	  support of CONFIG_HARDENED_USERCOPY.

config HAVE_ARCH_HARDENED_USERCOPY
	bool
	help
	  The architecture supports CONFIG_HARDENED_USERCOPY by
	  calling check_object_size() just before performing the
	  userspace copies in the low level implementation of
	  copy_to_user() and copy_from_user().

config HARDENED_USERCOPY
	bool "Harden memory copies between kernel and userspace"
	depends on HAVE_ARCH_HARDENED_USERCOPY
	depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
	select BUG
	help
	  This option checks for obviously wrong memory regions when
	  copying memory to/from the kernel (via copy_to_user() and
	  copy_from_user() functions) by rejecting memory ranges that
	  are larger than the specified heap object, span multiple
	  separately allocated pages, are not on the process stack,
	  or are part of the kernel text. This kills entire classes
	  of heap overflow exploits and similar kernel memory exposures.

config HARDENED_USERCOPY_PAGESPAN
	bool "Refuse to copy allocations that span multiple pages"
	depends on HARDENED_USERCOPY
	depends on !COMPILE_TEST
	help
	  When a multi-page allocation is done without __GFP_COMP,
	  hardened usercopy will reject attempts to copy it. There are,
	  however, several cases of this in the kernel that have not all
	  been removed. This config is intended to be used only while
	  trying to find such users.

source security/selinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
source security/apparmor/Kconfig
source security/yama/Kconfig

source security/integrity/Kconfig

choice
	prompt "Default security module"
	default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
	default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
	default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
	default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
	default DEFAULT_SECURITY_YAMA if SECURITY_YAMA
	default DEFAULT_SECURITY_DAC

	help
	  Select the security module that will be used by default if the
	  kernel parameter security= is not specified.

	config DEFAULT_SECURITY_SELINUX
		bool "SELinux" if SECURITY_SELINUX=y

	config DEFAULT_SECURITY_SMACK
		bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y

	config DEFAULT_SECURITY_TOMOYO
		bool "TOMOYO" if SECURITY_TOMOYO=y

	config DEFAULT_SECURITY_APPARMOR
		bool "AppArmor" if SECURITY_APPARMOR=y

	config DEFAULT_SECURITY_YAMA
		bool "Yama" if SECURITY_YAMA=y

	config DEFAULT_SECURITY_DAC
		bool "Unix Discretionary Access Controls"

endchoice

config DEFAULT_SECURITY
	string
	default "selinux" if DEFAULT_SECURITY_SELINUX
	default "smack" if DEFAULT_SECURITY_SMACK
	default "tomoyo" if DEFAULT_SECURITY_TOMOYO
	default "apparmor" if DEFAULT_SECURITY_APPARMOR
	default "yama" if DEFAULT_SECURITY_YAMA
	default "" if DEFAULT_SECURITY_DAC

endmenu
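Added example, not part of this Kconfig file: a POSIX shell audit that checks the running kernel's sysctl values against the defaults SECURITY_DMESG_RESTRICT (kernel.dmesg_restrict = 1) and SECURITY_PERF_EVENTS_RESTRICT (kernel.perf_event_paranoid = 3) are meant to establish, so a deployment can be verified regardless of which Kconfig answer was compiled in. The sysctl root directory argument is an assumption added so the same function can be run against a constructed tree.

```shell
#!/bin/sh
# Audit runtime sysctls that correspond to the Kconfig options above.
# The functions read from a sysctl root (default /proc/sys); passing a
# different root is an assumption of this example, used for testing.

# read_sysctl ROOT DOTTED_NAME -> prints the value, or "missing"
read_sysctl() {
	path="$1/$(printf '%s' "$2" | tr . /)"
	if [ -r "$path" ]; then
		tr -d '[:space:]' < "$path"
	else
		printf 'missing'
	fi
}

# check_min ROOT DOTTED_NAME MIN -> 0 if the value is an integer >= MIN
check_min() {
	val=$(read_sysctl "$1" "$2")
	case "$val" in
		''|*[!0-9]*)
			printf 'FAIL %s = %s (expected >= %s)\n' "$2" "$val" "$3"
			return 1 ;;
	esac
	if [ "$val" -ge "$3" ]; then
		printf 'ok   %s = %s\n' "$2" "$val"
	else
		printf 'FAIL %s = %s (expected >= %s)\n' "$2" "$val" "$3"
		return 1
	fi
}

# audit_security_sysctls [ROOT] -> 0 when every check passes, 1 otherwise
audit_security_sysctls() {
	root="${1:-/proc/sys}"
	rc=0
	# SECURITY_DMESG_RESTRICT: dmesg_restrict=1 blocks unprivileged dmesg(8)
	check_min "$root" kernel.dmesg_restrict 1 || rc=1
	# SECURITY_PERF_EVENTS_RESTRICT: paranoid=3 refuses unprivileged
	# perf_event_open(2) until an administrator lowers it
	check_min "$root" kernel.perf_event_paranoid 3 || rc=1
	return $rc
}
```

Source the file and call `audit_security_sysctls` to check the live system; a non-zero exit means at least one value is weaker than the corresponding Kconfig default.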