X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=security%2FKconfig;h=49b51f964897dcb7133be9b58f1b936462bb6309;hb=2ced3dfd3148fd8e2170ff06d6f72fd9f2f7b639;hp=a94ee94cf491384e85b461e350b22205a68849b7;hpb=20510f2f4e2dabb0ff6c13901807627ec9452f98;p=safe%2Fjmp%2Flinux-2.6 diff --git a/security/Kconfig b/security/Kconfig index a94ee94..49b51f9 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -76,10 +76,21 @@ config SECURITY_NETWORK_XFRM config SECURITY_CAPABILITIES bool "Default Linux Capabilities" depends on SECURITY + default y help This enables the "default" Linux capabilities functionality. If you are unsure how to answer this question, answer Y. +config SECURITY_FILE_CAPABILITIES + bool "File POSIX Capabilities (EXPERIMENTAL)" + depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL + default n + help + This enables filesystem capabilities, allowing you to give + binaries a subset of root's powers without using setuid 0. + + If in doubt, answer N. + config SECURITY_ROOTPLUG bool "Root Plug Support" depends on USB=y && SECURITY @@ -93,7 +104,28 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. +config SECURITY_DEFAULT_MMAP_MIN_ADDR + int "Low address space to protect from user allocation" + depends on SECURITY + default 0 + help + This is the portion of low virtual memory which should be protected + from userspace allocation. Keeping a user from writing to low pages + can help reduce the impact of kernel NULL pointer bugs. + + For most ia64, ppc64 and x86 users with lots of address space + a value of 65536 is reasonable and should cause no problems. + On arm and other archs it should not be higher than 32768. + Programs which use vm86 functionality would either need additional + permissions from either the LSM or the capabilities module or have + this protection disabled. + + This value can be changed after boot using the + /proc/sys/vm/mmap_min_addr tunable. + + source security/selinux/Kconfig +source security/smack/Kconfig endmenu