projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge commit 'v3.17' into next
[firefly-linux-kernel-4.4.55.git] / security / smack / Kconfig
diff --git a/security/smack/Kconfig b/security/smack/Kconfig
index e69de9c642b7f03c8648457495511ca0c8bc839c..b065f97894185557c88fe77c554719a3deca955d 100644 (file)
--- a/security/smack/Kconfig
+++ b/security/smack/Kconfig
@@ -12,3 +12,19 @@ config SECURITY_SMACK
          of other mandatory security schemes.
          If you are unsure how to answer this question, answer N.
 
+config SECURITY_SMACK_BRINGUP
+       bool "Reporting on access granted by Smack rules"
+       depends on SECURITY_SMACK
+       default n
+       help
+         Enable the bring-up ("b") access mode in Smack rules.
+         When access is granted by a rule with the "b" mode a
+         message about the access requested is generated. The
+         intention is that a process can be granted a wide set
+         of access initially with the bringup mode set on the
+         rules. The developer can use the information to
+         identify which rules are necessary and what accesses
+         may be inappropriate. The developer can reduce the
+         access rule set once the behavior is well understood.
+         This is a superior mechanism to the oft abused
+         "permissive" mode of other systems.
Unnamed repository; edit this file 'description' to name the repository.