# Casey Schaufler | e114e47 | 2008-02-04 22:29:50 -0800
config SECURITY_SMACK
	bool "Simplified Mandatory Access Control Kernel Support"
	# Casey Schaufler | 111fe8b | 2012-11-02 11:28:11 -0700
	depends on NET
	depends on INET
	depends on SECURITY
	select NETLABEL
	select SECURITY_NETWORK
	# Casey Schaufler | e114e47 | 2008-02-04 22:29:50 -0800
	default n
	help
	  This selects the Simplified Mandatory Access Control Kernel.
	  Smack is useful for sensitivity, integrity, and a variety
	  of other mandatory security schemes.
	  If you are unsure how to answer this question, answer N.

# Casey Schaufler | d166c80 | 2014-08-27 14:51:27 -0700
config SECURITY_SMACK_BRINGUP
	bool "Reporting on access granted by Smack rules"
	depends on SECURITY_SMACK
	default n
	help
	  Enable the bring-up ("b") access mode in Smack rules.
	  When access is granted by a rule with the "b" mode a
	  message about the access requested is generated. The
	  intention is that a process can be granted a wide set
	  of access initially with the bringup mode set on the
	  rules. The developer can use the information to
	  identify which rules are necessary and what accesses
	  may be inappropriate. The developer can reduce the
	  access rule set once the behavior is well understood.
	  This is a superior mechanism to the oft abused
	  "permissive" mode of other systems.
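
The rule-reduction step described in the SECURITY_SMACK_BRINGUP help text, as an added example that is not part of the kernel source. The rule set and the observed-access records are constructed, and the (subject, object, access) record layout is an assumption standing in for the reported accesses, not the kernel's message format.

```python
MODE_ORDER = "rwxatl"  # Smack access modes; "b" is the bring-up flag

# Constructed rule set: wide grants with the bring-up mode set on three rules.
RULES = """\
App Data rwxab
App Logs rwab
App System rxb
Daemon Logs rw
"""

# Constructed records of accesses reported during the bring-up run.
# Layout (subject, object, requested access) is an assumption of this example.
OBSERVED = [
    ("App", "Data", "r"),
    ("App", "Data", "w"),
    ("App", "Logs", "a"),
]

def fmt(modes):
    """Render a set of modes in a fixed order."""
    return "".join(m for m in MODE_ORDER if m in modes)

def parse_rules(text):
    """Parse 'subject object access' lines into (subject, object, modes, bringup)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        subject, obj, access = line.split()
        access = access.lower()
        rules.append((subject, obj, set(access) & set(MODE_ORDER), "b" in access))
    return rules

def tighten(rules, observed):
    """Keep only the modes a bring-up rule was seen to need; drop the "b" flag.
    Rules without "b" pass through unchanged. Returns (reduced, unused)."""
    used = {}
    for subject, obj, access in observed:
        used.setdefault((subject, obj), set()).update(access.lower())
    reduced, unused = [], []
    for subject, obj, granted, bringup in rules:
        keep = granted & used.get((subject, obj), set()) if bringup else granted
        if granted - keep:
            unused.append((subject, obj, fmt(granted - keep)))
        if keep:
            reduced.append(f"{subject} {obj} {fmt(keep)}")
    return reduced, unused
```

The unused list is the review queue: each entry is a grant that was never exercised during the run and is a candidate for removal rather than proof that it is unnecessary.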