Version:  2.0.40 2.2.26 2.4.37 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16

Linux/security/integrity/evm/Kconfig

  1 config EVM
  2         boolean "EVM support"
  3         depends on SECURITY
  4         select KEYS
  5         select ENCRYPTED_KEYS
  6         select CRYPTO_HMAC
  7         select CRYPTO_SHA1
  8         default n
  9         help
 10           EVM protects a file's security extended attributes against
 11           integrity attacks.
 12 
 13           If you are unsure how to answer this question, answer N.
 14 
 15 if EVM
 16 
 17 menu "EVM options"
 18 
 19 config EVM_ATTR_FSUUID
 20         bool "FSUUID (version 2)"
 21         default y
 22         depends on EVM
 23         help
 24           Include filesystem UUID for HMAC calculation.
 25 
 26           Default value is 'selected', which is former version 2.
 27           if 'not selected', it is former version 1
 28 
 29           WARNING: changing the HMAC calculation method or adding
 30           additional info to the calculation, requires existing EVM
 31           labeled file systems to be relabeled.
 32 
 33 config EVM_EXTRA_SMACK_XATTRS
 34         bool "Additional SMACK xattrs"
 35         depends on EVM && SECURITY_SMACK
 36         default n
 37         help
 38           Include additional SMACK xattrs for HMAC calculation.
 39 
 40           In addition to the original security xattrs (eg. security.selinux,
 41           security.SMACK64, security.capability, and security.ima) included
 42           in the HMAC calculation, enabling this option includes newly defined
 43           Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
 44           security.SMACK64MMAP.
 45 
 46           WARNING: changing the HMAC calculation method or adding
 47           additional info to the calculation, requires existing EVM
 48           labeled file systems to be relabeled.
 49 
 50 endmenu
 51 
 52 endif

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us