aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/security/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--security/Kconfig23
1 files changed, 10 insertions, 13 deletions
diff --git a/security/Kconfig b/security/Kconfig
index e6db09a779b7..97abeb9b9a19 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -32,11 +32,6 @@ config SECURITY
If you are unsure how to answer this question, answer N.
-config SECURITY_WRITABLE_HOOKS
- depends on SECURITY
- bool
- default n
-
config SECURITYFS
bool "Enable the securityfs filesystem"
help
@@ -110,7 +105,7 @@ config INTEL_TXT
See <https://www.intel.com/technology/security/> for more information
about Intel(R) TXT.
See <http://tboot.sourceforge.net> for more information about tboot.
- See Documentation/x86/intel_txt.rst for a description of how to enable
+ See Documentation/arch/x86/intel_txt.rst for a description of how to enable
Intel TXT support in a kernel boot.
If you are unsure as to whether this is required, answer N.
@@ -246,15 +241,17 @@ endchoice
config LSM
string "Ordered list of enabled LSMs"
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC
- default "landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"
+ default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
+ default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
+ default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
+ default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC
+ default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf"
help
A comma-separated list of LSMs, in initialization order.
- Any LSMs left off this list will be ignored. This can be
- controlled at boot with the "lsm=" parameter.
+ Any LSMs left off this list, except for those with order
+ LSM_ORDER_FIRST and LSM_ORDER_LAST, which are always enabled
+ if selected in the kernel configuration, will be ignored.
+ This can be controlled at boot with the "lsm=" parameter.
If unsure, leave this as the default.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.