blob: fd5cf0d14e85ce0a60aa9ab1c4b0286b681d9105 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
config SECURITY_CHROMIUMOS
bool "Chromium OS Security Module"
depends on SECURITY
depends on X86_64 || ARM64
help
The purpose of the Chromium OS security module is to reduce attacking
surface by preventing access to general purpose access modes not
required by Chromium OS. Currently: the mount operation is
restricted by requiring a mount point path without symbolic links,
and loading modules is limited to only the root filesystem. This
LSM is stacked ahead of any primary "full" LSM.
config SECURITY_CHROMIUMOS_NO_SYMLINK_MOUNT
bool "Chromium OS Security: prohibit mount to symlinked target"
depends on SECURITY_CHROMIUMOS
default y
help
When enabled mount() syscall will return ELOOP whenever target path
contains any symlinks.
config SECURITY_CHROMIUMOS_NO_UNPRIVILEGED_UNSAFE_MOUNTS
bool "Chromium OS Security: prohibit unsafe mounts in unprivileged user namespaces"
depends on SECURITY_CHROMIUMOS
default y
help
When enabled, mount() syscall will return EPERM whenever a new mount
is attempted that would cause the filesystem to have the exec, suid,
or dev flags if the caller does not have the CAP_SYS_ADMIN capability
in the init namespace.
config ALT_SYSCALL_CHROMIUMOS
bool "Chromium OS Alt-Syscall Tables"
depends on ALT_SYSCALL
help
Register restricted, alternate syscall tables used by Chromium OS
using the alt-syscall infrastructure. Alternate syscall tables
can be selected with prctl(PR_ALT_SYSCALL).
config SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM
bool "Force /proc/<pid>/mem paths to be read-only"
default y
help
When enabled, attempts to open /proc/self/mem for write access
will always fail. Write access to this file allows bypassing
of memory map permissions (such as modifying read-only code).
|