• Home
  • Raw
  • Download

Lines Matching refs:to

11 	bool "Restrict unprivileged access to the kernel syslog"
18 	  unless the dmesg_restrict sysctl is explicitly set to (1).
20 	  If you are unsure how to answer this question, answer N.
27 	  This allows you to choose different security modules to be
33 	  If you are unsure how to answer this question, answer N.
46 	  If you are unsure how to answer this question, answer N.
53 	  If enabled, a security module can use these hooks to
55 	  If you are unsure how to answer this question, answer N.
73 	  If enabled, a security module can use these hooks to
75 	  If you are unsure how to answer this question, answer N.
82 	  If enabled, a security module can use these hooks to
86 	  to communicate unlabelled data can send without using
88 	  If you are unsure how to answer this question, answer N.
95 	  If enabled, a security module can use these hooks to
97 	  If you are unsure how to answer this question, answer N.
105 	  Intel(R) Trusted Execution Technology to perform a measured launch
110 	  initial state as well as data reset protection.  This is used to
112 	  helps to ensure that kernel security mechanisms are functioning
119 	  providing such assurances to VMs and services running on it.
124 	  See Documentation/x86/intel_txt.rst for a description of how to enable
127 	  If you are unsure as to whether this is required, answer N.
130 	int "Low address space for LSM to protect from user allocation"
136 	  from userspace allocation.  Keeping a user from writing to low pages
142 	  Programs which use vm86 functionality or have some need to map
143 	  this low address space will need the permission specific to the
159 	  copying memory to/from the kernel (via copy_to_user() and
167 	bool "Allow usercopy whitelist violations to fallback to object size"
172 	  to be discovered via a WARN() to the kernel log, instead of
173 	  rejecting the copy, falling back to non-whitelisted hardened
181 	bool "Refuse to copy allocations that span multiple pages"
186 	  hardened usercopy will reject attempts to copy it. There are,
188 	  been removed. This config is intended to be used only while
189 	  trying to find such users.
211 	  Note, it is up to this single binary to then call the relevant
213 	  passed to it.  If desired, this program can filter and pick
216 	  If you wish for all usermode helper programs are to be
218 	  STATIC_USERMODEHELPER_PATH to an empty string.
221 	string "Path to the static usermode helper binary"
226 	  program is wish to be run.  The "real" application's name will
227 	  be in the first argument passed to this program on the command
230 	  If you wish for all usermode helper programs to be disabled,
245 	prompt "First legacy 'major LSM' to be initialized"
254 	  in old kernel configs to CONFIG_LSM in new kernel configs. Don't