[TOMOYO 2/9] Kconfig and Makefile for TOMOYO Linux.

TOMOYO Linux 2.0 is implemented using LSM and auditing subsystem.
When you use TOMOYO, you need to enable auditing support and disable all features
(other than TOMOYO Linux) that use LSM because TOMOYO Linux 2.0 has to be built-in.
If you don't want to disable any features that use LSM, please use TOMOYO Linux 1.4.1 instead.

Signed-off-by: Kentaro Takeda <[email protected]>
Signed-off-by: Tetsuo Handa <[email protected]>

---------------
security/Kconfig         |    1 +
security/Makefile        |    1 +
security/tomoyo/Kconfig  |   22 ++++++++++++++++++++++
security/tomoyo/Makefile |    3 +++
4 files changed, 27 insertions(+)

diff -ubBpErN linux-2.6.21.5/security/Kconfig linux-2.6.21.5-tomoyo/security/Kconfig
--- linux-2.6.21.5/security/Kconfig	2007-06-12 03:37:06.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/Kconfig	2007-06-14 15:02:38.000000000 +0900
@@ -94,6 +94,7 @@ config SECURITY_ROOTPLUG
	  If you are unsure how to answer this question, answer N.

source security/selinux/Kconfig
+source security/tomoyo/Kconfig

endmenu

diff -ubBpErN linux-2.6.21.5/security/Makefile linux-2.6.21.5-tomoyo/security/Makefile
--- linux-2.6.21.5/security/Makefile	2007-06-12 03:37:06.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/Makefile	2007-06-14 15:02:38.000000000 +0900
@@ -16,3 +16,4 @@ obj-$(CONFIG_SECURITY)			+= security.o d
obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/built-in.o
obj-$(CONFIG_SECURITY_CAPABILITIES)	+= commoncap.o capability.o
obj-$(CONFIG_SECURITY_ROOTPLUG)		+= commoncap.o root_plug.o
+obj-$(CONFIG_SECURITY_TOMOYO)		+= tomoyo/
diff -ubBpErN linux-2.6.21.5/security/tomoyo/Kconfig linux-2.6.21.5-tomoyo/security/tomoyo/Kconfig
--- linux-2.6.21.5/security/tomoyo/Kconfig	1970-01-01 09:00:00.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/tomoyo/Kconfig	2007-06-05 00:00:00.000000000 +0900
@@ -0,0 +1,22 @@
+config SECURITY_TOMOYO
+	bool "TOMOYO Linux support"
+	depends on SECURITY && AUDIT
+	help
+	  Say Y here to support TOMOYO Linux.
+
+	  TOMOYO Linux is applicable to figuring out the system's behavior,
+	  for TOMOYO uses the canonicalized absolute pathnames and
+	  TreeView style domain transitions.
+
+config TOMOYO_MAX_ACCEPT_ENTRY
+	int "Default maximal count for accept mode"
+	default 2048
+	range 0 2147483647
+	depends on SECURITY_TOMOYO
+	help
+	  This is the default value for maximal ACL entries
+	  that are automatically appended into policy at "accept mode".
+	  Some programs access thousands of objects, so running
+	  such programs in "accept mode" dulls the system response
+	  and consumes much memory.
+	  This is the safeguard for such programs.
diff -ubBpErN linux-2.6.21.5/security/tomoyo/Makefile linux-2.6.21.5-tomoyo/security/tomoyo/Makefile
--- linux-2.6.21.5/security/tomoyo/Makefile	1970-01-01 09:00:00.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/tomoyo/Makefile	2007-06-05 00:00:00.000000000 +0900
@@ -0,0 +1,3 @@
+obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo.o tomoyo_func.o
+tomoyo_func-objs := domain.o common.o realpath.o file.o audit.o
+EXTRA_CFLAGS += -Isecurity/tomoyo/include
---------------

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • [TOMOYO 0/9] TOMOYO Linux security module.
    • From: "Kentaro Takeda" <[email protected]>

• Prev by Date: [TOMOYO 1/9] Allow use of namespace_sem from LSM module.
• Next by Date: [TOMOYO 4/9] LSM adapter for TOMOYO.
• Previous by thread: Re: [TOMOYO 1/9] Allow use of namespace_sem from LSM module.
• Next by thread: [TOMOYO 4/9] LSM adapter for TOMOYO.
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]