help
This selects NSA Security-Enhanced Linux (SELinux).
You will also need a policy configuration and a labeled filesystem.
- You can obtain the policy compiler (checkpolicy), the utility for
- labeling filesystems (setfiles), and an example policy configuration
- from <http://www.nsa.gov/selinux/>.
If you are unsure how to answer this question, answer N.
config SECURITY_SELINUX_BOOTPARAM
If you are unsure how to answer this question, answer 1.
-config SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
- bool "NSA SELinux enable new secmark network controls by default"
- depends on SECURITY_SELINUX
- default n
- help
- This option determines whether the new secmark-based network
- controls will be enabled by default. If not, the old internal
- per-packet controls will be enabled by default, preserving
- old behavior.
-
- If you enable the new controls, you will need updated
- SELinux userspace libraries, tools and policy. Typically,
- your distribution will provide these and enable the new controls
- in the kernel they also distribute.
-
- Note that this option can be overridden at boot with the
- selinux_compat_net parameter, and after boot via
- /selinux/compat_net. See Documentation/kernel-parameters.txt
- for details on this parameter.
-
- If you enable the new network controls, you will likely
- also require the SECMARK and CONNSECMARK targets, as
- well as any conntrack helpers for protocols which you
- wish to control.
-
- If you are unsure what do do here, select N.
-
config SECURITY_SELINUX_POLICYDB_VERSION_MAX
bool "NSA SELinux maximum supported policy format version"
depends on SECURITY_SELINUX
Examples:
For the Fedora Core 3 or 4 Linux distributions, enable this option
- and set the value via the next option. For Fedore Core 5 and later,
+ and set the value via the next option. For Fedora Core 5 and later,
do not enable this option.
If you are unsure how to answer this question, answer N.
config SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
int "NSA SELinux maximum supported policy format version value"
depends on SECURITY_SELINUX_POLICYDB_VERSION_MAX
- range 15 21
+ range 15 23
default 19
help
This option sets the value for the maximum policy format version