Initial Landlock Kconfig needed to split the Landlock eBPF and seccomp parts to ease the review.
Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: James Morris <james.l.mor...@oracle.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Serge E. Hallyn <se...@hallyn.com> --- security/Kconfig | 1 + security/landlock/Kconfig | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 security/landlock/Kconfig diff --git a/security/Kconfig b/security/Kconfig index 176758cdfa57..be6c549dd0ca 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -124,6 +124,7 @@ source security/tomoyo/Kconfig source security/apparmor/Kconfig source security/loadpin/Kconfig source security/yama/Kconfig +source security/landlock/Kconfig source security/integrity/Kconfig diff --git a/security/landlock/Kconfig b/security/landlock/Kconfig new file mode 100644 index 000000000000..dc8328d216d7 --- /dev/null +++ b/security/landlock/Kconfig @@ -0,0 +1,16 @@ +config SECURITY_LANDLOCK + bool "Landlock sandbox support" + depends on SECURITY + select BPF_SYSCALL + select SECCOMP + default y + help + Landlock is a stacked LSM which allows any user to load a security policy + to restrict their processes (i.e. create a sandbox). The policy is a list + of stacked eBPF programs for some LSM hooks. Each program can do some + access comparison to check if an access request is legitimate. + + Further information about eBPF can be found in + Documentation/networking/filter.txt + + If you are unsure how to answer this question, answer Y. -- 2.8.1
