Searched refs:of (Results 1 – 13 of 13) sorted by relevance
| /security/ |
| D | Kconfig.hardening | 13 such variables, depending on the chosen level of coverage.
31 This option enables initialization of stack variables at
35 on the function calling complexity of a given workload's
38 This chooses the level of coverage over classes of potentially
47 classes of uninitialized stack variable exploits
56 a __user attribute. This can prevent some classes of
70 of uninitialized stack variable exploits and information
74 As a side-effect, this keeps a lot of variables on the
88 of uninitialized stack variable exploits and information
97 of uninitialized stack variable exploits and information
[all …]
|
| D | Kconfig | 62 This feature reduces the number of hardware side channels by
63 ensuring that the majority of kernel addresses are not mapped
106 of the kernel. If the system does not support Intel(R) TXT, this
109 Intel TXT will provide higher assurance of system configuration and
113 correctly. This level of protection requires a root of trust outside
114 of the kernel itself.
124 See Documentation/x86/intel_txt.rst for a description of how to enable
135 This is the portion of low virtual memory which should be protected
137 can help reduce the impact of kernel NULL pointer bugs.
139 For most ia64, ppc64 and x86 users with lots of address space
[all …]
|
| D | device_cgroup.c | 755 static ssize_t devcgroup_access_write(struct kernfs_open_file *of, in devcgroup_access_write() argument
761 retval = devcgroup_update_access(css_to_devcgroup(of_css(of)), in devcgroup_access_write()
762 of_cft(of)->private, strstrip(buf)); in devcgroup_access_write()
|
| /security/tomoyo/ |
| D | Kconfig | 26 Some programs access thousands of objects, so running
49 operations which can lead to the hijacking of the boot sequence are
51 immediately after loading the fixed part of policy which will allow
53 variant part of policy and verifying (e.g. running GPG check) and
54 loading the variant part of policy. Since you can start using
55 enforcing mode from the beginning, you can reduce the possibility of
59 string "Location of userspace policy loader"
64 This is the default pathname of policy loader which is called before
74 This is the default pathname of activation trigger.
|
| /security/keys/ |
| D | Kconfig | 13 It also includes provision of methods by which such keys might be
17 Furthermore, a special type of key is available that acts as keyring:
18 a searchable sequence of keys. Each process is equipped with access
29 bool "Enable temporary caching of the last request_key() result"
32 This option causes the result of the last successful request_key()
35 resumption of userspace.
41 An example of such a process is a pathwalk through a network
47 bool "Enable register of persistent per-UID keyrings"
50 This option provides a register of persistent per-UID keyrings,
52 in the sense that they stay around after all processes of that UID
|
| /security/apparmor/ |
| D | Kconfig | 19 bool "Enable introspection of sha1 hashes for loaded profiles"
25 This option selects whether introspection of loaded policy
33 This option selects whether sha1 hashing of loaded policy
34 is enabled by default. The generation of sha1 hashes for
48 provide fine grained control of the debug options that are
66 Set the default value of the apparmor.debug kernel parameter.
|
| /security/integrity/ |
| D | Kconfig | 9 of a number of different components including the Integrity
14 Each of these components can be enabled/disabled separately.
27 of the different use cases - evm, ima, and modules.
82 controls the level of integrity auditing messages.
|
| /security/smack/ |
| D | Kconfig | 13 of other mandatory security schemes.
25 of access initially with the bringup mode set on the
31 "permissive" mode of other systems.
41 This enables security marking of network packets using
|
| /security/selinux/ |
| D | Kconfig | 20 command line. The purpose of this option is to allow a single
36 support runtime disabling of SELinux, e.g. from /sbin/init, for
42 using the selinux=0 boot parameter instead of enabling this
52 This enables the development support option of NSA SELinux,
95 This option sets the number of buckets used in the sidtab hashtable
96 to 2^SECURITY_SELINUX_SIDTAB_HASH_BITS buckets. The number of hash
|
| /security/integrity/ima/ |
| D | Kconfig | 19 Measurement Architecture(IMA) maintains a list of hash
20 values of executables and other sensitive system files,
22 to change the contents of an important system file
39 a TPM's quote after a soft boot, the IMA measurement list of the
52 that IMA uses to maintain the integrity aggregate of the
218 the usage of the init_module syscall.
244 Adds support for signatures appended to files. The format of the
259 This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
|
| /security/safesetid/ |
| D | Kconfig | 8 SafeSetID is an LSM module that gates the setid family of syscalls to
|
| /security/loadpin/ |
| D | Kconfig | 3 bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
|
| /security/lockdown/ |
| D | Kconfig | 24 The kernel can be configured to default to differing levels of
|