1# 2# Security configuration 3# 4 5menu "Security options" 6 7source security/keys/Kconfig 8 9config SECURITY_DMESG_RESTRICT 10 bool "Restrict unprivileged access to the kernel syslog" 11 default n 12 help 13 This enforces restrictions on unprivileged users reading the kernel 14 syslog via dmesg(8). 15 16 If this option is not selected, no restrictions will be enforced 17 unless the dmesg_restrict sysctl is explicitly set to (1). 18 19 If you are unsure how to answer this question, answer N. 20 21config SECURITY_PERF_EVENTS_RESTRICT 22 bool "Restrict unprivileged use of performance events" 23 depends on PERF_EVENTS 24 help 25 If you say Y here, the kernel.perf_event_paranoid sysctl 26 will be set to 3 by default, and no unprivileged use of the 27 perf_event_open syscall will be permitted unless it is 28 changed. 29 30config SECURITY 31 bool "Enable different security models" 32 depends on SYSFS 33 depends on MULTIUSER 34 help 35 This allows you to choose different security modules to be 36 configured into your kernel. 37 38 If this option is not selected, the default Linux security 39 model will be used. 40 41 If you are unsure how to answer this question, answer N. 42 43config SECURITY_WRITABLE_HOOKS 44 depends on SECURITY 45 bool 46 default n 47 48config SECURITYFS 49 bool "Enable the securityfs filesystem" 50 help 51 This will build the securityfs filesystem. It is currently used by 52 the TPM bios character driver and IMA, an integrity provider. It is 53 not used by SELinux or SMACK. 54 55 If you are unsure how to answer this question, answer N. 56 57config SECURITY_NETWORK 58 bool "Socket and Networking Security Hooks" 59 depends on SECURITY 60 help 61 This enables the socket and networking security hooks. 62 If enabled, a security module can use these hooks to 63 implement socket and networking access controls. 64 If you are unsure how to answer this question, answer N. 65 66config PAGE_TABLE_ISOLATION 67 bool "Remove the kernel mapping in user mode" 68 depends on X86_64 && !UML 69 default y 70 help 71 This feature reduces the number of hardware side channels by 72 ensuring that the majority of kernel addresses are not mapped 73 into userspace. 74 75 See Documentation/x86/pti.txt for more details. 76 77config SECURITY_INFINIBAND 78 bool "Infiniband Security Hooks" 79 depends on SECURITY && INFINIBAND 80 help 81 This enables the Infiniband security hooks. 82 If enabled, a security module can use these hooks to 83 implement Infiniband access controls. 84 If you are unsure how to answer this question, answer N. 85 86config SECURITY_NETWORK_XFRM 87 bool "XFRM (IPSec) Networking Security Hooks" 88 depends on XFRM && SECURITY_NETWORK 89 help 90 This enables the XFRM (IPSec) networking security hooks. 91 If enabled, a security module can use these hooks to 92 implement per-packet access controls based on labels 93 derived from IPSec policy. Non-IPSec communications are 94 designated as unlabelled, and only sockets authorized 95 to communicate unlabelled data can send without using 96 IPSec. 97 If you are unsure how to answer this question, answer N. 98 99config SECURITY_PATH 100 bool "Security hooks for pathname based access control" 101 depends on SECURITY 102 help 103 This enables the security hooks for pathname based access control. 104 If enabled, a security module can use these hooks to 105 implement pathname based access controls. 106 If you are unsure how to answer this question, answer N. 107 108config INTEL_TXT 109 bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)" 110 depends on HAVE_INTEL_TXT 111 help 112 This option enables support for booting the kernel with the 113 Trusted Boot (tboot) module. This will utilize 114 Intel(R) Trusted Execution Technology to perform a measured launch 115 of the kernel. If the system does not support Intel(R) TXT, this 116 will have no effect. 117 118 Intel TXT will provide higher assurance of system configuration and 119 initial state as well as data reset protection. This is used to 120 create a robust initial kernel measurement and verification, which 121 helps to ensure that kernel security mechanisms are functioning 122 correctly. This level of protection requires a root of trust outside 123 of the kernel itself. 124 125 Intel TXT also helps solve real end user concerns about having 126 confidence that their hardware is running the VMM or kernel that 127 it was configured with, especially since they may be responsible for 128 providing such assurances to VMs and services running on it. 129 130 See <http://www.intel.com/technology/security/> for more information 131 about Intel(R) TXT. 132 See <http://tboot.sourceforge.net> for more information about tboot. 133 See Documentation/intel_txt.txt for a description of how to enable 134 Intel TXT support in a kernel boot. 135 136 If you are unsure as to whether this is required, answer N. 137 138config LSM_MMAP_MIN_ADDR 139 int "Low address space for LSM to protect from user allocation" 140 depends on SECURITY && SECURITY_SELINUX 141 default 32768 if ARM || (ARM64 && COMPAT) 142 default 65536 143 help 144 This is the portion of low virtual memory which should be protected 145 from userspace allocation. Keeping a user from writing to low pages 146 can help reduce the impact of kernel NULL pointer bugs. 147 148 For most ia64, ppc64 and x86 users with lots of address space 149 a value of 65536 is reasonable and should cause no problems. 150 On arm and other archs it should not be higher than 32768. 151 Programs which use vm86 functionality or have some need to map 152 this low address space will need the permission specific to the 153 systems running LSM. 154 155config HAVE_HARDENED_USERCOPY_ALLOCATOR 156 bool 157 help 158 The heap allocator implements __check_heap_object() for 159 validating memory ranges against heap object sizes in 160 support of CONFIG_HARDENED_USERCOPY. 161 162config HARDENED_USERCOPY 163 bool "Harden memory copies between kernel and userspace" 164 depends on HAVE_HARDENED_USERCOPY_ALLOCATOR 165 select BUG 166 imply STRICT_DEVMEM 167 help 168 This option checks for obviously wrong memory regions when 169 copying memory to/from the kernel (via copy_to_user() and 170 copy_from_user() functions) by rejecting memory ranges that 171 are larger than the specified heap object, span multiple 172 separately allocated pages, are not on the process stack, 173 or are part of the kernel text. This kills entire classes 174 of heap overflow exploits and similar kernel memory exposures. 175 176config HARDENED_USERCOPY_PAGESPAN 177 bool "Refuse to copy allocations that span multiple pages" 178 depends on HARDENED_USERCOPY 179 depends on EXPERT 180 help 181 When a multi-page allocation is done without __GFP_COMP, 182 hardened usercopy will reject attempts to copy it. There are, 183 however, several cases of this in the kernel that have not all 184 been removed. This config is intended to be used only while 185 trying to find such users. 186 187config FORTIFY_SOURCE 188 bool "Harden common str/mem functions against buffer overflows" 189 depends on ARCH_HAS_FORTIFY_SOURCE 190 help 191 Detect overflows of buffers in common string and memory functions 192 where the compiler can determine and validate the buffer sizes. 193 194config STATIC_USERMODEHELPER 195 bool "Force all usermode helper calls through a single binary" 196 help 197 By default, the kernel can call many different userspace 198 binary programs through the "usermode helper" kernel 199 interface. Some of these binaries are statically defined 200 either in the kernel code itself, or as a kernel configuration 201 option. However, some of these are dynamically created at 202 runtime, or can be modified after the kernel has started up. 203 To provide an additional layer of security, route all of these 204 calls through a single executable that can not have its name 205 changed. 206 207 Note, it is up to this single binary to then call the relevant 208 "real" usermode helper binary, based on the first argument 209 passed to it. If desired, this program can filter and pick 210 and choose what real programs are called. 211 212 If you wish for all usermode helper programs are to be 213 disabled, choose this option and then set 214 STATIC_USERMODEHELPER_PATH to an empty string. 215 216config STATIC_USERMODEHELPER_PATH 217 string "Path to the static usermode helper binary" 218 depends on STATIC_USERMODEHELPER 219 default "/sbin/usermode-helper" 220 help 221 The binary called by the kernel when any usermode helper 222 program is wish to be run. The "real" application's name will 223 be in the first argument passed to this program on the command 224 line. 225 226 If you wish for all usermode helper programs to be disabled, 227 specify an empty string here (i.e. ""). 228 229source security/selinux/Kconfig 230source security/smack/Kconfig 231source security/tomoyo/Kconfig 232source security/apparmor/Kconfig 233source security/loadpin/Kconfig 234source security/yama/Kconfig 235 236source security/integrity/Kconfig 237 238choice 239 prompt "Default security module" 240 default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX 241 default DEFAULT_SECURITY_SMACK if SECURITY_SMACK 242 default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO 243 default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR 244 default DEFAULT_SECURITY_DAC 245 246 help 247 Select the security module that will be used by default if the 248 kernel parameter security= is not specified. 249 250 config DEFAULT_SECURITY_SELINUX 251 bool "SELinux" if SECURITY_SELINUX=y 252 253 config DEFAULT_SECURITY_SMACK 254 bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y 255 256 config DEFAULT_SECURITY_TOMOYO 257 bool "TOMOYO" if SECURITY_TOMOYO=y 258 259 config DEFAULT_SECURITY_APPARMOR 260 bool "AppArmor" if SECURITY_APPARMOR=y 261 262 config DEFAULT_SECURITY_DAC 263 bool "Unix Discretionary Access Controls" 264 265endchoice 266 267config DEFAULT_SECURITY 268 string 269 default "selinux" if DEFAULT_SECURITY_SELINUX 270 default "smack" if DEFAULT_SECURITY_SMACK 271 default "tomoyo" if DEFAULT_SECURITY_TOMOYO 272 default "apparmor" if DEFAULT_SECURITY_APPARMOR 273 default "" if DEFAULT_SECURITY_DAC 274 275source "security/Kconfig.hardening" 276 277endmenu 278 279