X-Git-Url: http://pilppa.org/gitweb/gitweb.cgi?a=blobdiff_plain;f=security%2FKconfig;h=25ffe1b9dc98467d7be1ec373c7024f246172e0b;hb=cc842b82cc513ebc78bef6eeaacb5f6335851bcb;hp=34f593410d57cb12070a154bc0fa0b272467dfeb;hpb=ed03f430cdc8c802652467e9097606fedc2c7abc;p=linux-2.6-omap-h63xx.git diff --git a/security/Kconfig b/security/Kconfig index 34f593410d5..25ffe1b9dc9 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -22,16 +22,22 @@ config KEYS If you are unsure as to whether this is required, answer N. config KEYS_DEBUG_PROC_KEYS - bool "Enable the /proc/keys file by which all keys may be viewed" + bool "Enable the /proc/keys file by which keys may be viewed" depends on KEYS help - This option turns on support for the /proc/keys file through which - all the keys on the system can be listed. + This option turns on support for the /proc/keys file - through which + can be listed all the keys on the system that are viewable by the + reading process. - This option is a slight security risk in that it makes it possible - for anyone to see all the keys on the system. Normally the manager - pretends keys that are inaccessible to a process don't exist as far - as that process is concerned. + The only keys included in the list are those that grant View + permission to the reading process whether or not it possesses them. + Note that LSM security checks are still performed, and may further + filter out keys that the current process is not authorised to view. + + Only key attributes are listed here; key payloads are not included in + the resulting table. + + If you are unsure as to whether this is required, answer N. config SECURITY bool "Enable different security models" @@ -68,15 +74,26 @@ config SECURITY_NETWORK_XFRM If you are unsure how to answer this question, answer N. config SECURITY_CAPABILITIES - tristate "Default Linux Capabilities" + bool "Default Linux Capabilities" depends on SECURITY + default y help This enables the "default" Linux capabilities functionality. If you are unsure how to answer this question, answer Y. +config SECURITY_FILE_CAPABILITIES + bool "File POSIX Capabilities (EXPERIMENTAL)" + depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL + default n + help + This enables filesystem capabilities, allowing you to give + binaries a subset of root's powers without using setuid 0. + + If in doubt, answer N. + config SECURITY_ROOTPLUG - tristate "Root Plug Support" - depends on USB && SECURITY + bool "Root Plug Support" + depends on USB=y && SECURITY help This is a sample LSM module that should only be used as such. It prevents any programs running with egid == 0 if a specific @@ -87,19 +104,8 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. -config SECURITY_SECLVL - tristate "BSD Secure Levels" - depends on SECURITY - select CRYPTO - select CRYPTO_SHA1 - help - Implements BSD Secure Levels as an LSM. See - for instructions on how to use this - module. - - If you are unsure how to answer this question, answer N. - source security/selinux/Kconfig +source security/smack/Kconfig endmenu