blob: b065f97894185557c88fe77c554719a3deca955d [file] [log] [blame]
Casey Schauflere114e472008-02-04 22:29:50 -08001config SECURITY_SMACK
2 bool "Simplified Mandatory Access Control Kernel Support"
Casey Schaufler111fe8b2012-11-02 11:28:11 -07003 depends on NET
4 depends on INET
5 depends on SECURITY
6 select NETLABEL
7 select SECURITY_NETWORK
Casey Schauflere114e472008-02-04 22:29:50 -08008 default n
9 help
10 This selects the Simplified Mandatory Access Control Kernel.
11 Smack is useful for sensitivity, integrity, and a variety
12 of other mandatory security schemes.
13 If you are unsure how to answer this question, answer N.
14
Casey Schauflerd166c802014-08-27 14:51:27 -070015config SECURITY_SMACK_BRINGUP
16 bool "Reporting on access granted by Smack rules"
17 depends on SECURITY_SMACK
18 default n
19 help
20 Enable the bring-up ("b") access mode in Smack rules.
21 When access is granted by a rule with the "b" mode a
22 message about the access requested is generated. The
23 intention is that a process can be granted a wide set
24 of access initially with the bringup mode set on the
25 rules. The developer can use the information to
26 identify which rules are necessary and what accesses
27 may be inappropriate. The developer can reduce the
28 access rule set once the behavior is well understood.
29 This is a superior mechanism to the oft abused
30 "permissive" mode of other systems.