X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2FKconfig;h=a6807ffabfab74b4adc9f6683c870b0427da62b0;hb=a2f44b27303a5353859d77a3e96a1d3f33f56ab7;hp=dcf04a09185de5fbd3507e221de81abbe9be90f1;hpb=20fcd31c96d8a7938e49ec2bc2249a5256b1ab2f;p=linux-2.6.git diff --git a/security/Kconfig b/security/Kconfig index dcf04a091..a6807ffab 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -6,6 +6,7 @@ menu "Security options" config KEYS bool "Enable access key retention support" + depends on !VSERVER_SECURITY help This option provides support for retaining authentication tokens and access keys in the kernel. 
@@ -22,19 +23,26 @@ config KEYS If you are unsure as to whether this is required, answer N. config KEYS_DEBUG_PROC_KEYS - bool "Enable the /proc/keys file by which all keys may be viewed" + bool "Enable the /proc/keys file by which keys may be viewed" depends on KEYS help - This option turns on support for the /proc/keys file through which - all the keys on the system can be listed. + This option turns on support for the /proc/keys file - through which + can be listed all the keys on the system that are viewable by the + reading process. - This option is a slight security risk in that it makes it possible - for anyone to see all the keys on the system. Normally the manager - pretends keys that are inaccessible to a process don't exist as far - as that process is concerned. + The only keys included in the list are those that grant View + permission to the reading process whether or not it possesses them. + Note that LSM security checks are still performed, and may further + filter out keys that the current process is not authorised to view. + + Only key attributes are listed here; key payloads are not included in + the resulting table. + + If you are unsure as to whether this is required, answer N. config SECURITY bool "Enable different security models" + depends on SYSFS help This allows you to choose different security modules to be configured into your kernel. 
@@ -53,6 +61,19 @@ config SECURITY_NETWORK implement socket and networking access controls. If you are unsure how to answer this question, answer N. +config SECURITY_NETWORK_XFRM + bool "XFRM (IPSec) Networking Security Hooks" + depends on XFRM && SECURITY_NETWORK + help + This enables the XFRM (IPSec) networking security hooks. + If enabled, a security module can use these hooks to + implement per-packet access controls based on labels + derived from IPSec policy. Non-IPSec communications are + designated as unlabelled, and only sockets authorized + to communicate unlabelled data can send without using + IPSec. + If you are unsure how to answer this question, answer N. + config SECURITY_CAPABILITIES tristate "Default Linux Capabilities" depends on SECURITY @@ -73,18 +94,6 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. -config SECURITY_SECLVL - tristate "BSD Secure Levels" - depends on SECURITY - select CRYPTO - select CRYPTO_SHA1 - help - Implements BSD Secure Levels as an LSM. See - for instructions on how to use this - module. - - If you are unsure how to answer this question, answer N. - source security/selinux/Kconfig endmenu
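Review bot: in the first hunk (@@ -6,6 +6,7 @@), the new `depends on !VSERVER_SECURITY` under `config KEYS` has no explanation in the help text or in a comment. With VSERVER_SECURITY set, the key retention option, and KEYS_DEBUG_PROC_KEYS which depends on it, disappear from the menu with no stated reason. VSERVER_SECURITY is also not defined in the lines of security/Kconfig shown here, so a reader cannot tell from this file what the conflict is. Suggest adding a sentence to the KEYS help saying that key retention is unavailable when VSERVER_SECURITY is enabled and why.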
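Review bot: in the second hunk (@@ -22,19 +23,26 @@), `depends on SYSFS` is added to `config SECURITY` while its help text is left unchanged. Options in this file such as SECURITY_CAPABILITIES depend on SECURITY, so a configuration with SYSFS turned off now silently loses them. Please state the reason for the dependency in the help text or the commit message. A smaller point in the same hunk: the rewritten KEYS_DEBUG_PROC_KEYS help reads awkwardly at "the /proc/keys file - through which can be listed all the keys on the system"; something like "through which all keys viewable by the reading process can be listed" would be clearer and drops the stray " - ".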
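Review bot: in the third hunk (@@ -53,6 +61,19 @@), the SECURITY_NETWORK_XFRM help can be read as saying that enabling the option by itself restricts non-IPSec traffic ("only sockets authorized to communicate unlabelled data can send without using IPSec"), whereas the preceding sentence says the hooks only let a security module implement such controls. Suggest rewording so it is explicit that the unlabelled-traffic restriction applies only when a security module uses these hooks to enforce it. Style: the closing "If you are unsure how to answer this question, answer N." follows the paragraph directly, while the KEYS_DEBUG_PROC_KEYS help in this same patch separates it with a blank line; add the blank line for consistency.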
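Review bot: in the last hunk (@@ -73,18 +94,6 @@), removing `config SECURITY_SECLVL` also removes its `select CRYPTO` and `select CRYPTO_SHA1`, so a configuration that only had SHA1 enabled through this select will lose it after the change. This diff covers security/Kconfig only; please confirm that the BSD Secure Levels source and its build rule are removed in the same change so no build entry is left referring to a symbol that can no longer be set, and mention the removal in the commit message so users with SECURITY_SECLVL in an existing configuration know the option is gone.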