summaryrefslogtreecommitdiff
path: root/security/Kconfig
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2011-12-21 12:17:04 -0800
committerJames Morris <jmorris@namei.org>2012-02-10 09:18:52 +1100
commit2d514487faf188938a4ee4fb3464eeecfbdcf8eb (patch)
tree42147f0459ab062375f63891943242e3b95797bb /security/Kconfig
parent1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8 (diff)
security: Yama LSM
This adds the Yama Linux Security Module to collect DAC security improvements (specifically just ptrace restrictions for now) that have existed in various forms over the years and have been carried outside the mainline kernel by other Linux distributions like Openwall and grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/Kconfig')
-rw-r--r--security/Kconfig6
1 files changed, 6 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 51bd5a0b69ae..ccc61f8006b2 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -187,6 +187,7 @@ source security/selinux/Kconfig
source security/smack/Kconfig
source security/tomoyo/Kconfig
source security/apparmor/Kconfig
+source security/yama/Kconfig
source security/integrity/Kconfig
@@ -196,6 +197,7 @@ choice
default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
+ default DEFAULT_SECURITY_YAMA if SECURITY_YAMA
default DEFAULT_SECURITY_DAC
help
@@ -214,6 +216,9 @@ choice
config DEFAULT_SECURITY_APPARMOR
bool "AppArmor" if SECURITY_APPARMOR=y
+ config DEFAULT_SECURITY_YAMA
+ bool "Yama" if SECURITY_YAMA=y
+
config DEFAULT_SECURITY_DAC
bool "Unix Discretionary Access Controls"
@@ -225,6 +230,7 @@ config DEFAULT_SECURITY
default "smack" if DEFAULT_SECURITY_SMACK
default "tomoyo" if DEFAULT_SECURITY_TOMOYO
default "apparmor" if DEFAULT_SECURITY_APPARMOR
+ default "yama" if DEFAULT_SECURITY_YAMA
default "" if DEFAULT_SECURITY_DAC
endmenu