On Sat, Aug 25, 2018 at 12:42 AM Casey Schaufler
<[email protected]> wrote:
> +config SECURITY_SIDECHANNEL_CAPABILITIES
> +       bool "Sidechannel check on capability sets"
> +       depends on SECURITY_SIDECHANNEL
> +       depends on !SECURITY_SIDECHANNEL_ALWAYS
> +       default n
> +       select SECURITY_SIDECHANNEL_NAMESPACES if USER_NS
> +       help
> +         Assume that tasks with different sets of privilege may be
> +         subject to side-channel attacks. Potential interactions
> +         where the attacker lacks capabilities the attacked has
> +         are blocked. Selecting this when user namespaces (USER_NS)
> +         are enabled will enable SECURITY_SIDECHANNEL_NAMESPACES.
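
Review bot: the help text for SECURITY_SIDECHANNEL_CAPABILITIES does not say which capability sets are compared or what counts as a "potential interaction", so someone configuring a kernel cannot tell what will be blocked. Naming the sets and rewording "the attacked has" to something like "the target task has" would make it usable. The "default n" line can be dropped, since n is already the default for a bool. Because "select" ignores the selected symbol's own dependencies, please also confirm that SECURITY_SIDECHANNEL_NAMESPACES depends on nothing beyond what the "if USER_NS" condition and this option's own dependencies guarantee.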

Thanks!
_______________________________________________
Selinux mailing list
[email protected]