Add the rt linux 4.1.3-rt3 as base

[kvmfornfv.git] / kernel / security / integrity / evm / Kconfig

diff --git a/kernel/security/integrity/evm/Kconfig b/kernel/security/integrity/evm/Kconfig
new file mode 100644 (file)
index 0000000..bf19723
--- /dev/null
+++ b/kernel/security/integrity/evm/Kconfig
@@ -0,0 +1,44 @@
+config EVM
+       bool "EVM support"
+       select KEYS
+       select ENCRYPTED_KEYS
+       select CRYPTO_HMAC
+       select CRYPTO_SHA1
+       default n
+       help
+         EVM protects a file's security extended attributes against
+         integrity attacks.
+
+         If you are unsure how to answer this question, answer N.
+
+config EVM_ATTR_FSUUID
+       bool "FSUUID (version 2)"
+       default y
+       depends on EVM
+       help
+         Include filesystem UUID for HMAC calculation.
+
+         Default value is 'selected', which is former version 2.
+         if 'not selected', it is former version 1
+
+         WARNING: changing the HMAC calculation method or adding
+         additional info to the calculation, requires existing EVM
+         labeled file systems to be relabeled.
+
+config EVM_EXTRA_SMACK_XATTRS
+       bool "Additional SMACK xattrs"
+       depends on EVM && SECURITY_SMACK
+       default n
+       help
+         Include additional SMACK xattrs for HMAC calculation.
+
+         In addition to the original security xattrs (eg. security.selinux,
+         security.SMACK64, security.capability, and security.ima) included
+         in the HMAC calculation, enabling this option includes newly defined
+         Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and
+         security.SMACK64MMAP.
+
+         WARNING: changing the HMAC calculation method or adding
+         additional info to the calculation, requires existing EVM
+         labeled file systems to be relabeled.
+