URL
https://opencores.org/ocsvn/test_project/test_project/trunk
Subversion Repositories test_project
[/] [test_project/] [trunk/] [linux_sd_driver/] [security/] [Kconfig] - Rev 62
Compare with Previous | Blame | View Log
## Security configuration#menu "Security options"config KEYSbool "Enable access key retention support"helpThis option provides support for retaining authentication tokens andaccess keys in the kernel.It also includes provision of methods by which such keys might beassociated with a process so that network filesystems, encryptionsupport and the like can find them.Furthermore, a special type of key is available that acts as keyring:a searchable sequence of keys. Each process is equipped with accessto five standard keyrings: UID-specific, GID-specific, session,process and thread.If you are unsure as to whether this is required, answer N.config KEYS_DEBUG_PROC_KEYSbool "Enable the /proc/keys file by which keys may be viewed"depends on KEYShelpThis option turns on support for the /proc/keys file - through whichcan be listed all the keys on the system that are viewable by thereading process.The only keys included in the list are those that grant Viewpermission to the reading process whether or not it possesses them.Note that LSM security checks are still performed, and may furtherfilter out keys that the current process is not authorised to view.Only key attributes are listed here; key payloads are not included inthe resulting table.If you are unsure as to whether this is required, answer N.config SECURITYbool "Enable different security models"depends on SYSFShelpThis allows you to choose different security modules to beconfigured into your kernel.If this option is not selected, the default Linux securitymodel will be used.If you are unsure how to answer this question, answer N.config SECURITY_NETWORKbool "Socket and Networking Security Hooks"depends on SECURITYhelpThis enables the socket and networking security hooks.If enabled, a security module can use these hooks toimplement socket and networking access controls.If you are unsure how to answer this question, answer N.config SECURITY_NETWORK_XFRMbool "XFRM (IPSec) Networking Security Hooks"depends on XFRM && SECURITY_NETWORKhelpThis enables the XFRM (IPSec) networking security hooks.If enabled, a security module can use these hooks toimplement per-packet access controls based on labelsderived from IPSec policy. Non-IPSec communications aredesignated as unlabelled, and only sockets authorizedto communicate unlabelled data can send without usingIPSec.If you are unsure how to answer this question, answer N.config SECURITY_CAPABILITIESbool "Default Linux Capabilities"depends on SECURITYhelpThis enables the "default" Linux capabilities functionality.If you are unsure how to answer this question, answer Y.config SECURITY_FILE_CAPABILITIESbool "File POSIX Capabilities (EXPERIMENTAL)"depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTALdefault nhelpThis enables filesystem capabilities, allowing you to givebinaries a subset of root's powers without using setuid 0.If in doubt, answer N.config SECURITY_ROOTPLUGbool "Root Plug Support"depends on USB=y && SECURITYhelpThis is a sample LSM module that should only be used as such.It prevents any programs running with egid == 0 if a specificUSB device is not present in the system.See <http://www.linuxjournal.com/article.php?sid=6279> formore information about this module.If you are unsure how to answer this question, answer N.source security/selinux/Kconfigendmenu