| /security/selinux/ |
| D | Kconfig | 17 This option adds a kernel parameter 'selinux', which allows SELinux
18 to be disabled at boot. If this option is selected, SELinux
20 command line. The purpose of this option is to allow a single
32 This option enables writing to a selinuxfs node 'disable', which
35 This option is similar to the selinux=0 boot parameter, but is to
40 NOTE: selecting this option will disable the '__ro_after_init'
43 option.
45 WARNING: this option is deprecated and will be removed in a future
55 This enables the development support option of NSA SELinux,
57 policies. If unsure, say Y. With this option enabled, the
[all …]
|
| D | hooks.c | 1045 static int selinux_add_mnt_opt(const char *option, const char *val, int len, in selinux_add_mnt_opt() argument
1052 if (strcmp(option, tokens[i].name) == 0) { in selinux_add_mnt_opt()
|
| /security/tomoyo/ |
| D | Kconfig | 48 policy was loaded. This option will be useful for systems where
66 command line option.
76 option. For example, if you pass init=/bin/systemd option, you may
77 want to also pass TOMOYO_trigger=/bin/systemd option.
85 Enabling this option forces minimal built-in policy and disables
87 this option only if this kernel is built for doing fuzzing tests.
|
| /security/integrity/ima/ |
| D | Kconfig | 60 Disabling this option will disregard LSM based policy rules.
93 line 'ima_hash=' option.
141 This option allows the root user to see the current policy rules.
147 This option enables local measurement integrity appraisal.
163 This option enables loading an IMA architecture specific policy
171 This option defines an IMA appraisal policy at build time, which
186 This option defines a policy requiring all firmware to be signed,
187 including the regulatory.db. If both this option and
229 This option enables the different "ima_appraise=" modes
268 This option creates an IMA blacklist keyring, which contains all
[all …]
|
| /security/keys/ |
| D | Kconfig | 10 This option provides support for retaining authentication tokens and
28 This option causes the result of the last successful request_key()
46 This option provides a register of persistent per-UID keyrings,
65 This option provides support for holding large keys within the kernel
82 This option provides support for creating, sealing, and unsealing
100 This option provides support for create/encrypting/decrypting keys
115 This option provides support for calculating Diffie-Hellman
125 This option provides support for getting change notifications
|
| D | compat.c | 17 COMPAT_SYSCALL_DEFINE5(keyctl, u32, option, in COMPAT_SYSCALL_DEFINE5() argument
20 switch (option) { in COMPAT_SYSCALL_DEFINE5()
112 return keyctl_pkey_e_d_s(option, in COMPAT_SYSCALL_DEFINE5()
|
| D | keyctl.c | 1874 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, in SYSCALL_DEFINE5() argument
1877 switch (option) { in SYSCALL_DEFINE5()
1998 option, in SYSCALL_DEFINE5()
|
| /security/integrity/ |
| D | Kconfig | 8 This option enables the integrity subsystem, which is comprised
25 This option enables digital signature verification support
42 This option enables digital signature verification using
51 This option requires that all keys added to the .ima and
90 option adds a kernel parameter 'integrity_audit', which
|
| /security/integrity/evm/ |
| D | Kconfig | 39 in the HMAC calculation, enabling this option includes newly defined
54 When this option is enabled, root can add additional xattrs to the
65 This option enables X509 certificate loading from the kernel
74 This option defines X509 certificate path.
|
| /security/ |
| D | Kconfig | 17 If this option is not selected, no restrictions will be enforced
30 If this option is not selected, the default Linux security
92 This option enables support for booting the kernel with the
147 This option checks for obviously wrong memory regions when
160 This is a temporary option that allows missing usercopy whitelists
164 whitelist size. This option will be removed once it seems like
197 option. However, some of these are dynamically created at
209 disabled, choose this option and then set
|
| D | Kconfig.hardening | 23 def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
26 def_bool $(cc-option,-ftrivial-auto-var-init=zero)
31 …def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-wi…
44 This option enables initialization of stack variables at
150 This option will cause a warning to be printed each time the
160 This option makes the kernel erase the kernel stack before
208 This option provides 'stack_erasing' sysctl, which can be used in
242 def_bool $(cc-option,-fzero-call-used-regs=used-gpr)
|
| D | commoncap.c | 1273 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, in cap_task_prctl() argument
1279 switch (option) { in cap_task_prctl()
|
| D | security.c | 1012 int security_add_mnt_opt(const char *option, const char *val, int len, in security_add_mnt_opt() argument
1016 option, val, len, mnt_opts); in security_add_mnt_opt()
1907 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, in security_task_prctl() argument
1915 thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5); in security_task_prctl()
|
| /security/apparmor/ |
| D | Kconfig | 27 This option selects whether introspection of loaded policy
35 This option selects whether sha1 hashing of loaded policy
|
| /security/yama/ |
| D | yama_lsm.c | 221 static int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3, in yama_task_prctl() argument
227 switch (option) { in yama_task_prctl()
|
| /security/smack/ |
| D | Kconfig | 51 receiving process. If this option is selected, the delivery
|