# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_TOMOYO
	bool "TOMOYO Linux Support"
	depends on SECURITY
	depends on NET
	select SECURITYFS
	select SECURITY_PATH
	select SECURITY_NETWORK
	default n
	help
	  This selects TOMOYO Linux, pathname-based access control.
	  Required userspace tools and further information may be
	  found at <https://tomoyo.sourceforge.net/>.
	  If you are unsure how to answer this question, answer N.

config SECURITY_TOMOYO_LKM
	bool "Cut out most of TOMOYO's code to a loadable kernel module"
	default n
	depends on SECURITY_TOMOYO
	depends on MODULES
	help
	  Say Y here if you want to include TOMOYO without bloating
	  vmlinux file. If you say Y, most of TOMOYO code is cut out to
	  a loadable kernel module named tomoyo.ko . This option will be
	  useful for kernels built by Linux distributors where TOMOYO is
	  included but TOMOYO is not enabled by default. Please be sure
	  to explicitly load tomoyo.ko if you want to activate TOMOYO
	  without calling userspace policy loader, for tomoyo.ko is
	  loaded immediately before calling userspace policy loader.

config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY
	int "Default maximal count for learning mode"
	default 2048
	range 0 2147483647
	depends on SECURITY_TOMOYO
	help
	  This is the default value for maximal ACL entries
	  that are automatically appended into policy at "learning mode".
	  Some programs access thousands of objects, so running
	  such programs in "learning mode" dulls the system response
	  and consumes much memory.
	  This is the safeguard for such programs.

config SECURITY_TOMOYO_MAX_AUDIT_LOG
	int "Default maximal count for audit log"
	default 1024
	range 0 2147483647
	depends on SECURITY_TOMOYO
	help
	  This is the default value for maximal entries for
	  audit logs that the kernel can hold on memory.
	  You can read the log via /sys/kernel/security/tomoyo/audit.
	  If you don't need audit logs, you may set this value to 0.

config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	bool "Activate without calling userspace policy loader."
	default n
	depends on SECURITY_TOMOYO
	help
	  Say Y here if you want to activate access control as soon as built-in
	  policy was loaded. This option will be useful for systems where
	  operations which can lead to the hijacking of the boot sequence are
	  needed before loading the policy. For example, you can activate
	  immediately after loading the fixed part of policy which will allow
	  only operations needed for mounting a partition which contains the
	  variant part of policy and verifying (e.g. running GPG check) and
	  loading the variant part of policy. Since you can start using
	  enforcing mode from the beginning, you can reduce the possibility of
	  hijacking the boot sequence.

config SECURITY_TOMOYO_POLICY_LOADER
	string "Location of userspace policy loader"
	default "/sbin/tomoyo-init"
	depends on SECURITY_TOMOYO
	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of policy loader which is called before
	  activation. You can override this setting via TOMOYO_loader= kernel
	  command line option.

config SECURITY_TOMOYO_ACTIVATION_TRIGGER
	string "Trigger for calling userspace policy loader"
	default "/sbin/init"
	depends on SECURITY_TOMOYO
	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  This is the default pathname of activation trigger.
	  You can override this setting via TOMOYO_trigger= kernel command line
	  option. For example, if you pass init=/bin/systemd option, you may
	  want to also pass TOMOYO_trigger=/bin/systemd option.

config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
	bool "Use insecure built-in settings for fuzzing tests."
	default n
	depends on SECURITY_TOMOYO
	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	help
	  Enabling this option forces minimal built-in policy and disables
	  domain/program checks for run-time policy modifications. Please enable
	  this option only if this kernel is built for doing fuzzing tests.
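
An added example, not part of the kernel source: a Python check that audits a built kernel's `.config` and command line against the options defined above, flagging the fuzzing-only setting and an `init=` value that no longer matches the activation trigger. The sample config, sample command line, function names and finding strings are constructed for illustration; defaults used for missing symbols are the ones stated in this file.

```python
import re

# Constructed sample .config fragment and kernel command line (not from a real system).
SAMPLE_CONFIG = """\
CONFIG_SECURITY_TOMOYO=y
# CONFIG_SECURITY_TOMOYO_LKM is not set
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=0
# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set
"""
SAMPLE_CMDLINE = "root=/dev/sda1 ro init=/bin/systemd"

SET = re.compile(r'^CONFIG_(SECURITY_TOMOYO\w*)=(.*)$')
UNSET = re.compile(r'^# CONFIG_(SECURITY_TOMOYO\w*) is not set$')

def parse_config(text):
    """Return {symbol: value}; '# CONFIG_X is not set' is recorded as 'n'."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if m := SET.match(line):
            cfg[m.group(1)] = m.group(2).strip('"')
        elif m := UNSET.match(line):
            cfg[m.group(1)] = "n"
    return cfg

def audit(cfg, cmdline=""):
    """Return findings derived from the help texts of the TOMOYO Kconfig symbols."""
    get = lambda suffix, default="n": cfg.get("SECURITY_TOMOYO" + suffix, default)
    if get("") != "y":
        return ["info: TOMOYO is not built into this kernel"]
    args = dict(a.split("=", 1) for a in cmdline.split() if "=" in a)
    out = []
    if get("_INSECURE_BUILTIN_SETTING") == "y":
        out.append("high: fuzzing-only build; run-time policy modification checks are disabled")
    if get("_OMIT_USERSPACE_LOADER") == "y":
        out.append("info: access control activates once the built-in policy is loaded")
    else:
        trigger = args.get("TOMOYO_trigger", get("_ACTIVATION_TRIGGER", "/sbin/init"))
        init = args.get("init")
        if init and init != trigger:
            out.append(f"warn: init={init} but activation trigger is {trigger}; pass TOMOYO_trigger={init}")
    if int(get("_MAX_AUDIT_LOG", "1024")) == 0:
        out.append("info: default audit log capacity is 0; no entries are kept for /sys/kernel/security/tomoyo/audit")
    if get("_LKM") == "y":
        out.append("info: most code is in tomoyo.ko; load it explicitly if no policy loader runs")
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse_config(SAMPLE_CONFIG), SAMPLE_CMDLINE)))
```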