diff options
Diffstat (limited to 'security/integrity/evm/Kconfig')
-rw-r--r-- | security/integrity/evm/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig index 0df4f7a2f1e..d606f3d12d6 100644 --- a/security/integrity/evm/Kconfig +++ b/security/integrity/evm/Kconfig @@ -30,6 +30,23 @@ config EVM_ATTR_FSUUID additional info to the calculation, requires existing EVM labeled file systems to be relabeled. +config EVM_EXTRA_SMACK_XATTRS + bool "Additional SMACK xattrs" + depends on EVM && SECURITY_SMACK + default n + help + Include additional SMACK xattrs for HMAC calculation. + + In addition to the original security xattrs (eg. security.selinux, + security.SMACK64, security.capability, and security.ima) included + in the HMAC calculation, enabling this option includes newly defined + Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and + security.SMACK64MMAP. + + WARNING: changing the HMAC calculation method or adding + additional info to the calculation, requires existing EVM + labeled file systems to be relabeled. + endmenu endif |