diff options
Diffstat (limited to 'security/Kconfig')
| -rw-r--r-- | security/Kconfig | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/security/Kconfig b/security/Kconfig index 460e5c9cf496..8086e61058e3 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -74,15 +74,25 @@ config SECURITY_NETWORK_XFRM If you are unsure how to answer this question, answer N. config SECURITY_CAPABILITIES - tristate "Default Linux Capabilities" + bool "Default Linux Capabilities" depends on SECURITY help This enables the "default" Linux capabilities functionality. If you are unsure how to answer this question, answer Y. +config SECURITY_FILE_CAPABILITIES + bool "File POSIX Capabilities (EXPERIMENTAL)" + depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL + default n + help + This enables filesystem capabilities, allowing you to give + binaries a subset of root's powers without using setuid 0. + + If in doubt, answer N. + config SECURITY_ROOTPLUG - tristate "Root Plug Support" - depends on USB && SECURITY + bool "Root Plug Support" + depends on USB=y && SECURITY help This is a sample LSM module that should only be used as such. It prevents any programs running with egid == 0 if a specific |
