Home
last modified time | relevance | path

Searched refs:of (Results 1 – 16 of 16) sorted by relevance

/security/
A DKconfig.hardening27 This option enables initialization of stack variables at
31 on the function calling complexity of a given workload's
34 This chooses the level of coverage over classes of potentially
43 classes of uninitialized stack variable exploits
53 all classes of uninitialized stack variable exploits and
73 classes of uninitialized stack variable exploits and
152 bool "Allow runtime disabling of kernel stack erasing"
247 menu "Hardening of kernel data structures"
250 bool "Check integrity of linked list manipulation"
310 Fully randomize the member layout of sensitive
[all …]
A DKconfig72 For complete descriptions of memory sealing, please see
155 correctly. This level of protection requires a root of trust outside
156 of the kernel itself.
179 can help reduce the impact of kernel NULL pointer bugs.
181 For most ia64, ppc64 and x86 users with lots of address space
182 a value of 65536 is reasonable and should cause no problems.
193 interface. Some of these binaries are statically defined
195 option. However, some of these are dynamically created at
197 To provide an additional layer of security, route all of these
271 string "Ordered list of enabled LSMs"
[all …]
A Ddevice_cgroup.c784 static ssize_t devcgroup_access_write(struct kernfs_open_file *of, in devcgroup_access_write() argument
790 retval = devcgroup_update_access(css_to_devcgroup(of_css(of)), in devcgroup_access_write()
791 of_cft(of)->private, strstrip(buf)); in devcgroup_access_write()
/security/apparmor/
A DKconfig25 provide fine grained control of the debug options that are
43 Set the default value of the apparmor.debug kernel parameter.
52 This option selects whether introspection of loaded policy
55 of loaded policy, and check point and restore support. It
65 This option selects whether introspection of loaded policy
67 filesystem. This option provides a light weight means of
76 This option selects whether sha256 hashing of loaded policy
77 is enabled by default. The generation of sha256 hashes for
97 bool "Perform full verification of loaded policy"
102 verification of loaded policy. This should not be disabled
[all …]
/security/tomoyo/
A DKconfig24 Some programs access thousands of objects, so running
47 operations which can lead to the hijacking of the boot sequence are
49 immediately after loading the fixed part of policy which will allow
51 variant part of policy and verifying (e.g. running GPG check) and
52 loading the variant part of policy. Since you can start using
53 enforcing mode from the beginning, you can reduce the possibility of
57 string "Location of userspace policy loader"
62 This is the default pathname of policy loader which is called before
72 This is the default pathname of activation trigger.
/security/keys/
A DKconfig13 It also includes provision of methods by which such keys might be
17 Furthermore, a special type of key is available that acts as keyring:
18 a searchable sequence of keys. Each process is equipped with access
25 bool "Enable temporary caching of the last request_key() result"
28 This option causes the result of the last successful request_key()
31 resumption of userspace.
37 An example of such a process is a pathwalk through a network
43 bool "Enable register of persistent per-UID keyrings"
46 This option provides a register of persistent per-UID keyrings,
48 in the sense that they stay around after all processes of that UID
[all …]
/security/loadpin/
A DKconfig3 bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
30 that use dm-verity. LoadPin maintains a list of verity root
33 of trusted digests.
35 The list of trusted verity can be populated through an ioctl
37 expects a file descriptor of a file with verity digests as
/security/keys/trusted-keys/
A DKconfig17 Enable use of the Trusted Platform Module (TPM) as trusted key
29 Enable use of the Trusted Execution Environment (TEE) as trusted
39 Enable use of NXP's Cryptographic Accelerator and Assurance Module
48 Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.
/security/selinux/
A DKconfig20 command line. The purpose of this option is to allow a single
31 This enables the development support option of SELinux,
55 This option sets the number of buckets used in the sidtab hashtable
56 to 2^SECURITY_SELINUX_SIDTAB_HASH_BITS buckets. The number of hash
66 This option defines the size of the internal SID -> context string
67 cache, which improves the performance of context to string
/security/integrity/
A DKconfig9 of a number of different components including the Integrity
14 Each of these components can be enabled/disabled separately.
27 of the different use cases - evm, ima, and modules.
110 bool "Enable loading of platform and blacklisted keys for POWER"
115 Enable loading of keys to the .platform keyring and blacklisted
125 controls the level of integrity auditing messages.
/security/smack/
A DKconfig13 of other mandatory security schemes.
25 of access initially with the bringup mode set on the
31 "permissive" mode of other systems.
41 This enables security marking of network packets using
/security/integrity/ima/
A DKconfig19 Measurement Architecture(IMA) maintains a list of hash
20 values of executables and other sensitive system files,
22 to change the contents of an important system file
41 a TPM's quote after a soft boot, the IMA measurement list of the
53 that IMA uses to maintain the integrity aggregate of the
215 the usage of the init_module syscall.
241 Adds support for signatures appended to files. The format of the
319 bool "Disable htable to allow measurement of duplicate records"
322 This option disables htable to allow measurement of duplicate records.
332 If set to the default value of 0, an extra half page of memory for those
/security/landlock/
A DKconfig12 set of access rights (e.g. open a file in read-only, make a
21 you should also prepend "landlock," to the content of CONFIG_LSM to
/security/safesetid/
A DKconfig8 SafeSetID is an LSM module that gates the setid family of syscalls to
/security/lockdown/
A DKconfig24 The kernel can be configured to default to differing levels of
/security/ipe/
A DKconfig19 control. A key feature of IPE is a customizable policy to allow

Completed in 18 milliseconds