linux_dsm_epyc7002/security/yama/Kconfig
Kees Cook c6993e4ac0 security: allow Yama to be unconditionally stacked
Unconditionally call Yama when CONFIG_SECURITY_YAMA_STACKED is selected,
no matter what LSM module is primary.

Ubuntu and Chrome OS already carry patches to do this, and Fedora
has voiced interest in doing this as well. Instead of having multiple
distributions (or LSM authors) carrying these patches, just allow Yama
to be called unconditionally when selected by the new CONFIG.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: Eric Paris <eparis@redhat.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-09-05 14:12:31 -07:00

22 lines
656 B
Plaintext

config SECURITY_YAMA
bool "Yama support"
depends on SECURITY
select SECURITYFS
select SECURITY_PATH
default n
help
This selects Yama, which extends DAC support with additional
system-wide security settings beyond regular Linux discretionary
access controls. Currently available is ptrace scope restriction.
Further information can be found in Documentation/security/Yama.txt.
If you are unsure how to answer this question, answer N.
config SECURITY_YAMA_STACKED
bool "Yama stacked with other LSMs"
depends on SECURITY_YAMA
default n
help
When Yama is built into the kernel, force it to stack with the
selected primary LSM.