summaryrefslogtreecommitdiff
path: root/security/landlock/Kconfig
blob: 3f1493402052ecde9c263a77651bcdc7b67281ed (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# SPDX-License-Identifier: GPL-2.0-only

config SECURITY_LANDLOCK
	bool "Landlock support"
	depends on SECURITY
	select SECURITY_NETWORK
	select SECURITY_PATH
	help
	  Landlock is a sandboxing mechanism that enables processes to restrict
	  themselves (and their future children) by gradually enforcing
	  tailored access control policies.  A Landlock security policy is a
	  set of access rights (e.g. open a file in read-only, make a
	  directory, etc.) tied to a file hierarchy.  Such policy can be
	  configured and enforced by any processes for themselves using the
	  dedicated system calls: landlock_create_ruleset(),
	  landlock_add_rule(), and landlock_restrict_self().

	  See Documentation/userspace-api/landlock.rst for further information.

	  If you are unsure how to answer this question, answer N.  Otherwise,
	  you should also prepend "landlock," to the content of CONFIG_LSM to
	  enable Landlock at boot time.

config SECURITY_LANDLOCK_KUNIT_TEST
	bool "KUnit tests for Landlock" if !KUNIT_ALL_TESTS
	depends on KUNIT=y
	depends on SECURITY_LANDLOCK
	default KUNIT_ALL_TESTS
	help
	  Build KUnit tests for Landlock.

	  See the KUnit documentation in Documentation/dev-tools/kunit

	  Run all KUnit tests for Landlock with:
	  ./tools/testing/kunit/kunit.py run --kunitconfig security/landlock

	  If you are unsure how to answer this question, answer N.