[TOMOYO 2/9] Kconfig and Makefile for TOMOYO Linux.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



TOMOYO Linux 2.0 is implemented using LSM and auditing subsystem.
When you use TOMOYO, you need to enable auditing support and disable all features
(other than TOMOYO Linux) that use LSM because TOMOYO Linux 2.0 has to be built-in.
If you don't want to disable any features that use LSM, please use TOMOYO Linux 1.4.1 instead.

Signed-off-by: Kentaro Takeda <[email protected]>
Signed-off-by: Tetsuo Handa <[email protected]>

---------------
security/Kconfig         |    1 +
security/Makefile        |    1 +
security/tomoyo/Kconfig  |   22 ++++++++++++++++++++++
security/tomoyo/Makefile |    3 +++
4 files changed, 27 insertions(+)

diff -ubBpErN linux-2.6.21.5/security/Kconfig linux-2.6.21.5-tomoyo/security/Kconfig
--- linux-2.6.21.5/security/Kconfig	2007-06-12 03:37:06.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/Kconfig	2007-06-14 15:02:38.000000000 +0900
@@ -94,6 +94,7 @@ config SECURITY_ROOTPLUG
	  If you are unsure how to answer this question, answer N.

source security/selinux/Kconfig
+source security/tomoyo/Kconfig

endmenu

diff -ubBpErN linux-2.6.21.5/security/Makefile linux-2.6.21.5-tomoyo/security/Makefile
--- linux-2.6.21.5/security/Makefile	2007-06-12 03:37:06.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/Makefile	2007-06-14 15:02:38.000000000 +0900
@@ -16,3 +16,4 @@ obj-$(CONFIG_SECURITY)			+= security.o d
obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/built-in.o
obj-$(CONFIG_SECURITY_CAPABILITIES)	+= commoncap.o capability.o
obj-$(CONFIG_SECURITY_ROOTPLUG)		+= commoncap.o root_plug.o
+obj-$(CONFIG_SECURITY_TOMOYO)		+= tomoyo/
diff -ubBpErN linux-2.6.21.5/security/tomoyo/Kconfig linux-2.6.21.5-tomoyo/security/tomoyo/Kconfig
--- linux-2.6.21.5/security/tomoyo/Kconfig	1970-01-01 09:00:00.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/tomoyo/Kconfig	2007-06-05 00:00:00.000000000 +0900
@@ -0,0 +1,22 @@
+config SECURITY_TOMOYO
+	bool "TOMOYO Linux support"
+	depends on SECURITY && AUDIT
+	help
+	  Say Y here to support TOMOYO Linux.
+
+	  TOMOYO Linux is applicable to figuring out the system's behavior,
+	  for TOMOYO uses the canonicalized absolute pathnames and
+	  TreeView style domain transitions.
+
+config TOMOYO_MAX_ACCEPT_ENTRY
+	int "Default maximal count for accept mode"
+	default 2048
+	range 0 2147483647
+	depends on SECURITY_TOMOYO
+	help
+	  This is the default value for maximal ACL entries
+	  that are automatically appended into policy at "accept mode".
+	  Some programs access thousands of objects, so running
+	  such programs in "accept mode" dulls the system response
+	  and consumes much memory.
+	  This is the safeguard for such programs.
diff -ubBpErN linux-2.6.21.5/security/tomoyo/Makefile linux-2.6.21.5-tomoyo/security/tomoyo/Makefile
--- linux-2.6.21.5/security/tomoyo/Makefile	1970-01-01 09:00:00.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/tomoyo/Makefile	2007-06-05 00:00:00.000000000 +0900
@@ -0,0 +1,3 @@
+obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo.o tomoyo_func.o
+tomoyo_func-objs := domain.o common.o realpath.o file.o audit.o
+EXTRA_CFLAGS += -Isecurity/tomoyo/include
---------------

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux