Revonzy Mini Shell

Revonzy Mini Shell

Şuanki Dizin: /usr/src/kernels/5.14.0-503.21.1.el9_5.x86_64/security/lockdown/
Dosya Yükle :
Şuanki Dosya : //usr/src/kernels/5.14.0-503.21.1.el9_5.x86_64/security/lockdown/Kconfig

config SECURITY_LOCKDOWN_LSM
	bool "Basic module for enforcing kernel lockdown"
	depends on SECURITY
	select MODULE_SIG if MODULES
	help
	  Build support for an LSM that enforces a coarse kernel lockdown
	  behaviour.

config SECURITY_LOCKDOWN_LSM_EARLY
	bool "Enable lockdown LSM early in init"
	depends on SECURITY_LOCKDOWN_LSM
	help
	  Enable the lockdown LSM early in boot. This is necessary in order
	  to ensure that lockdown enforcement can be carried out on kernel
	  boot parameters that are otherwise parsed before the security
	  subsystem is fully initialised. If enabled, lockdown will
	  unconditionally be called before any other LSMs.

config LOCK_DOWN_IN_EFI_SECURE_BOOT
	bool "Lock down the kernel in EFI Secure Boot mode"
	default n
	depends on EFI && SECURITY_LOCKDOWN_LSM_EARLY
	help
	  UEFI Secure Boot provides a mechanism for ensuring that the firmware
	  will only load signed bootloaders and kernels.  Secure boot mode may
	  be determined from EFI variables provided by the system firmware if
	  not indicated by the boot parameters.

	  Enabling this option results in kernel lockdown being triggered if
	  EFI Secure Boot is set.

choice
	prompt "Kernel default lockdown mode"
	default LOCK_DOWN_KERNEL_FORCE_NONE
	depends on SECURITY_LOCKDOWN_LSM
	help
	  The kernel can be configured to default to differing levels of
	  lockdown.

config LOCK_DOWN_KERNEL_FORCE_NONE
	bool "None"
	help
	  No lockdown functionality is enabled by default. Lockdown may be
	  enabled via the kernel commandline or /sys/kernel/security/lockdown.

config LOCK_DOWN_KERNEL_FORCE_INTEGRITY
	bool "Integrity"
	help
	 The kernel runs in integrity mode by default. Features that allow
	 the kernel to be modified at runtime are disabled.

config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY
	bool "Confidentiality"
	help
	 The kernel runs in confidentiality mode by default. Features that
	 allow the kernel to be modified at runtime or that permit userland
	 code to read confidential material held inside the kernel are
	 disabled.

endchoice

EliteHackz.ORG
Revonzy Mini Shell
root@revonzy.com

Linux 65-254-81-4.cprapid.com 5.14.0-284.11.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 9 05:49:00 EDT 2023 x86_64
Apache
65.254.81.4