2024-09-09 08:52:07 +00:00
|
|
|
config SECURITY_SMACK
|
|
|
|
bool "Simplified Mandatory Access Control Kernel Support"
|
2024-09-09 08:57:42 +00:00
|
|
|
depends on NET
|
|
|
|
depends on INET
|
|
|
|
depends on SECURITY
|
|
|
|
select NETLABEL
|
|
|
|
select SECURITY_NETWORK
|
2024-09-09 08:52:07 +00:00
|
|
|
default n
|
|
|
|
help
|
|
|
|
This selects the Simplified Mandatory Access Control Kernel.
|
|
|
|
Smack is useful for sensitivity, integrity, and a variety
|
|
|
|
of other mandatory security schemes.
|
|
|
|
If you are unsure how to answer this question, answer N.
|
|
|
|
|
2024-09-09 08:57:42 +00:00
|
|
|
config SECURITY_SMACK_BRINGUP
|
|
|
|
bool "Reporting on access granted by Smack rules"
|
|
|
|
depends on SECURITY_SMACK
|
|
|
|
default n
|
|
|
|
help
|
|
|
|
Enable the bring-up ("b") access mode in Smack rules.
|
|
|
|
When access is granted by a rule with the "b" mode a
|
|
|
|
message about the access requested is generated. The
|
|
|
|
intention is that a process can be granted a wide set
|
|
|
|
of access initially with the bringup mode set on the
|
|
|
|
rules. The developer can use the information to
|
|
|
|
identify which rules are necessary and what accesses
|
|
|
|
may be inappropriate. The developer can reduce the
|
|
|
|
access rule set once the behavior is well understood.
|
|
|
|
This is a superior mechanism to the oft abused
|
|
|
|
"permissive" mode of other systems.
|