| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4670EF35.7030100@nttdata.co.jp> Date: Thu, 14 Jun 2007 16:33:09 +0900 From: Kentaro Takeda <takedakn@...data.co.jp> To: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: [TOMOYO 2/9] Kconfig and Makefile for TOMOYO Linux. TOMOYO Linux 2.0 is implemented using LSM and auditing subsystem. When you use TOMOYO, you need to enable auditing support and disable all features (other than TOMOYO Linux) that use LSM because TOMOYO Linux 2.0 has to be built-in. If you don't want to disable any features that use LSM, please use TOMOYO Linux 1.4.1 instead. Signed-off-by: Kentaro Takeda <takedakn@...data.co.jp> Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> --------------- security/Kconfig | 1 + security/Makefile | 1 + security/tomoyo/Kconfig | 22 ++++++++++++++++++++++ security/tomoyo/Makefile | 3 +++ 4 files changed, 27 insertions(+) diff -ubBpErN linux-2.6.21.5/security/Kconfig linux-2.6.21.5-tomoyo/security/Kconfig --- linux-2.6.21.5/security/Kconfig 2007-06-12 03:37:06.000000000 +0900 +++ linux-2.6.21.5-tomoyo/security/Kconfig 2007-06-14 15:02:38.000000000 +0900 @@ -94,6 +94,7 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. source security/selinux/Kconfig +source security/tomoyo/Kconfig endmenu diff -ubBpErN linux-2.6.21.5/security/Makefile linux-2.6.21.5-tomoyo/security/Makefile --- linux-2.6.21.5/security/Makefile 2007-06-12 03:37:06.000000000 +0900 +++ linux-2.6.21.5-tomoyo/security/Makefile 2007-06-14 15:02:38.000000000 +0900 @@ -16,3 +16,4 @@ obj-$(CONFIG_SECURITY) += security.o d obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o +obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/ diff -ubBpErN linux-2.6.21.5/security/tomoyo/Kconfig linux-2.6.21.5-tomoyo/security/tomoyo/Kconfig --- linux-2.6.21.5/security/tomoyo/Kconfig 1970-01-01 09:00:00.000000000 +0900 +++ linux-2.6.21.5-tomoyo/security/tomoyo/Kconfig 2007-06-05 00:00:00.000000000 +0900 @@ -0,0 +1,22 @@ +config SECURITY_TOMOYO + bool "TOMOYO Linux support" + depends on SECURITY && AUDIT + help + Say Y here to support TOMOYO Linux. + + TOMOYO Linux is applicable to figuring out the system's behavior, + for TOMOYO uses the canonicalized absolute pathnames and + TreeView style domain transitions. + +config TOMOYO_MAX_ACCEPT_ENTRY + int "Default maximal count for accept mode" + default 2048 + range 0 2147483647 + depends on SECURITY_TOMOYO + help + This is the default value for maximal ACL entries + that are automatically appended into policy at "accept mode". + Some programs access thousands of objects, so running + such programs in "accept mode" dulls the system response + and consumes much memory. + This is the safeguard for such programs. diff -ubBpErN linux-2.6.21.5/security/tomoyo/Makefile linux-2.6.21.5-tomoyo/security/tomoyo/Makefile --- linux-2.6.21.5/security/tomoyo/Makefile 1970-01-01 09:00:00.000000000 +0900 +++ linux-2.6.21.5-tomoyo/security/tomoyo/Makefile 2007-06-05 00:00:00.000000000 +0900 @@ -0,0 +1,3 @@ +obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo.o tomoyo_func.o +tomoyo_func-objs := domain.o common.o realpath.o file.o audit.o +EXTRA_CFLAGS += -Isecurity/tomoyo/include --------------- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists