30 lines
1.2 KiB
Plaintext
30 lines
1.2 KiB
Plaintext
config SECURITY_CHROMIUMOS
|
|
bool "Chromium OS Security Module"
|
|
depends on SECURITY
|
|
depends on X86_64 || ARM64
|
|
help
|
|
The purpose of the Chromium OS security module is to reduce attacking
|
|
surface by preventing access to general purpose access modes not
|
|
required by Chromium OS. Currently: the mount operation is
|
|
restricted by requiring a mount point path without symbolic links,
|
|
and loading modules is limited to only the root filesystem. This
|
|
LSM is stacked ahead of any primary "full" LSM.
|
|
|
|
config SECURITY_CHROMIUMOS_NO_SYMLINK_MOUNT
|
|
bool "Chromium OS Security: prohibit mount to symlinked target"
|
|
depends on SECURITY_CHROMIUMOS
|
|
default y
|
|
help
|
|
When enabled mount() syscall will return ELOOP whenever target path
|
|
contains any symlinks.
|
|
|
|
config SECURITY_CHROMIUMOS_NO_UNPRIVILEGED_UNSAFE_MOUNTS
|
|
bool "Chromium OS Security: prohibit unsafe mounts in unprivileged user namespaces"
|
|
depends on SECURITY_CHROMIUMOS
|
|
default y
|
|
help
|
|
When enabled, mount() syscall will return EPERM whenever a new mount
|
|
is attempted that would cause the filesystem to have the exec, suid,
|
|
or dev flags if the caller does not have the CAP_SYS_ADMIN capability
|
|
in the init namespace.
|