Home
last modified time | relevance | path

Searched refs:on (Results 1 – 16 of 16) sorted by relevance

/security/integrity/ima/
DKconfig36 depends on TCG_TPM && HAVE_IMA_KEXEC
39 TPM PCRs are only reset on a hard reboot. In order to validate
41 running kernel must be saved and restored on boot.
43 Depending on the IMA policy, the measurement list can grow to
57 depends on AUDIT && (SECURITY_SELINUX || SECURITY_SMACK || SECURITY_APPARMOR)
73 by specifying "ima_template=" on the boot command line.
97 depends on CRYPTO_SHA1=y
101 depends on CRYPTO_SHA256=y
105 depends on CRYPTO_SHA512=y
109 depends on CRYPTO_WP512=y
[all …]
/security/integrity/
DKconfig5 depends on SECURITY
35 depends on INTEGRITY_SIGNATURE
46 bool "Require all keys on the integrity keyrings be signed"
47 depends on SYSTEM_TRUSTED_KEYRING
48 depends on INTEGRITY_ASYMMETRIC_KEYS
52 .evm keyrings be signed by a key on the system trusted
57 depends on INTEGRITY_ASYMMETRIC_KEYS
58 depends on SYSTEM_BLACKLIST_KEYRING
66 depends on INTEGRITY_PLATFORM_KEYRING
67 depends on EFI
[all …]
/security/
DKconfig.hardening13 such variables, depending on the chosen level of coverage.
32 depends on !CC_HAS_AUTO_VAR_INIT_ZERO_BARE
48 on the function calling complexity of a given workload's
65 depends on GCC_PLUGINS
68 Zero-initialize any structures on the stack containing
76 depends on GCC_PLUGINS
77 depends on !(KASAN && KASAN_STACK)
80 Zero-initialize any structures on the stack that may
87 As a side-effect, this keeps a lot of variables on the
94 depends on GCC_PLUGINS
[all …]
DKconfig14 This enforces restrictions on unprivileged users reading the kernel
24 depends on SYSFS
25 depends on MULTIUSER
36 depends on SECURITY
50 depends on SECURITY
59 depends on SECURITY && INFINIBAND
68 depends on XFRM && SECURITY_NETWORK
72 implement per-packet access controls based on labels
81 depends on SECURITY
90 depends on HAVE_INTEL_TXT
[all …]
/security/smack/
DKconfig4 depends on NET
5 depends on INET
6 depends on SECURITY
17 bool "Reporting on access granted by Smack rules"
18 depends on SECURITY_SMACK
25 of access initially with the bringup mode set on the
36 depends on SECURITY_SMACK
37 depends on NETWORK_SECMARK
38 depends on NETFILTER
47 depends on SECURITY_SMACK
/security/tomoyo/
DKconfig4 depends on SECURITY
5 depends on NET
22 depends on SECURITY_TOMOYO
35 depends on SECURITY_TOMOYO
38 audit logs that the kernel can hold on memory.
45 depends on SECURITY_TOMOYO
61 depends on SECURITY_TOMOYO
62 depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
71 depends on SECURITY_TOMOYO
72 depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
[all …]
/security/selinux/
Dima.c25 const char *on = "=1;", *off = "=0;"; in selinux_ima_collect_state() local
31 len = strlen(on); in selinux_ima_collect_state()
42 rc = strlcat(buf, selinux_initialized(state) ? on : off, buf_len); in selinux_ima_collect_state()
48 rc = strlcat(buf, enforcing_enabled(state) ? on : off, buf_len); in selinux_ima_collect_state()
54 rc = strlcat(buf, checkreqprot_get(state) ? on : off, buf_len); in selinux_ima_collect_state()
61 rc = strlcat(buf, state->policycap[i] ? on : off, buf_len); in selinux_ima_collect_state()
DKconfig4 depends on SECURITY_NETWORK && AUDIT && NET && INET
14 depends on SECURITY_SELINUX
19 functionality can be disabled with selinux=0 on the kernel
28 depends on SECURITY_SELINUX
52 depends on SECURITY_SELINUX
59 unless you specify enforcing=1 on the kernel command line. You
66 depends on SECURITY_SELINUX
75 depends on SECURITY_SELINUX
98 depends on SECURITY_SELINUX
110 depends on SECURITY_SELINUX
/security/keys/
DKconfig26 depends on KEYS
35 by the last step to save on the searching.
44 depends on KEYS
53 LSMs gets to rule on which admin-level processes get to access the
61 depends on KEYS
62 depends on TMPFS
63 depends on CRYPTO_LIB_CHACHA20POLY1305 = y
73 depends on KEYS && TCG_TPM
92 depends on KEYS
109 bool "Diffie-Hellman operations on retained keys"
[all …]
/security/apparmor/
DKconfig4 depends on SECURITY && NET
22 depends on SECURITY_APPARMOR
32 depends on SECURITY_APPARMOR_HASH
39 however it can slow down policy load on some devices. In
45 depends on SECURITY_APPARMOR
55 depends on SECURITY_APPARMOR_DEBUG
65 depends on SECURITY_APPARMOR_DEBUG
74 depends on KUNIT=y && SECURITY_APPARMOR
84 For more information on KUnit and unit tests in general please refer
/security/integrity/evm/
DKconfig19 depends on EVM
32 depends on EVM && SECURITY_SMACK
49 depends on EVM
60 depends on EVM && INTEGRITY_TRUSTED_KEYRING
71 depends on EVM_LOAD_X509
/security/lockdown/
DKconfig3 depends on SECURITY
11 depends on SECURITY_LOCKDOWN_LSM
14 to ensure that lockdown enforcement can be carried out on kernel
22 depends on SECURITY_LOCKDOWN_LSM
/security/loadpin/
DKconfig4 depends on SECURITY && BLOCK
10 rejected. This is best used on systems without an initrd that
16 depends on SECURITY_LOADPIN
/security/yama/
DKconfig4 depends on SECURITY
/security/safesetid/
DKconfig4 depends on SECURITY
/security/landlock/
DKconfig5 depends on SECURITY && !ARCH_EPHEMERAL_INODES