From 6e65f92ff0d6f18580737321718d09035085a3fb Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 5 Nov 2009 17:03:20 -0800 Subject: Config option to set a default LSM The LSM currently requires setting a kernel parameter at boot to select a specific LSM. This adds a config option that allows specifying a default LSM that is used unless overridden with the security= kernel parameter. If the the config option is not set the current behavior of first LSM to register is used. Signed-off-by: John Johansen Acked-by: Serge Hallyn Signed-off-by: James Morris --- security/Kconfig | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'security/Kconfig') diff --git a/security/Kconfig b/security/Kconfig index aeea8c2bb59..95cc08913ca 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -152,5 +152,37 @@ source security/tomoyo/Kconfig source security/integrity/ima/Kconfig +choice + prompt "Default security module" + default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX + default DEFAULT_SECURITY_SMACK if SECURITY_SMACK + default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO + default DEFAULT_SECURITY_DAC + + help + Select the security module that will be used by default if the + kernel parameter security= is not specified. + + config DEFAULT_SECURITY_SELINUX + bool "SELinux" if SECURITY_SELINUX=y + + config DEFAULT_SECURITY_SMACK + bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y + + config DEFAULT_SECURITY_TOMOYO + bool "TOMOYO" if SECURITY_TOMOYO=y + + config DEFAULT_SECURITY_DAC + bool "Unix Discretionary Access Controls" + +endchoice + +config DEFAULT_SECURITY + string + default "selinux" if DEFAULT_SECURITY_SELINUX + default "smack" if DEFAULT_SECURITY_SMACK + default "tomoyo" if DEFAULT_SECURITY_TOMOYO + default "" if DEFAULT_SECURITY_DAC + endmenu -- cgit v1.2.3