config EVM bool "EVM support" select KEYS select ENCRYPTED_KEYS select CRYPTO_HMAC select CRYPTO_SHA1 default n help EVM protects a file's security extended attributes against integrity attacks. If you are unsure how to answer this question, answer N. config EVM_ATTR_FSUUID bool "FSUUID (version 2)" default y depends on EVM help Include filesystem UUID for HMAC calculation. Default value is 'selected', which is former version 2. if 'not selected', it is former version 1 WARNING: changing the HMAC calculation method or adding additional info to the calculation, requires existing EVM labeled file systems to be relabeled. config EVM_EXTRA_SMACK_XATTRS bool "Additional SMACK xattrs" depends on EVM && SECURITY_SMACK default n help Include additional SMACK xattrs for HMAC calculation. In addition to the original security xattrs (eg. security.selinux, security.SMACK64, security.capability, and security.ima) included in the HMAC calculation, enabling this option includes newly defined Smack xattrs: security.SMACK64EXEC, security.SMACK64TRANSMUTE and security.SMACK64MMAP. WARNING: changing the HMAC calculation method or adding additional info to the calculation, requires existing EVM labeled file systems to be relabeled. config EVM_LOAD_X509 bool "Load an X509 certificate onto the '.evm' trusted keyring" depends on EVM && INTEGRITY_TRUSTED_KEYRING default n help Load an X509 certificate onto the '.evm' trusted keyring. This option enables X509 certificate loading from the kernel onto the '.evm' trusted keyring. A public key can be used to verify EVM integrity starting from the 'init' process. config EVM_X509_PATH string "EVM X509 certificate path" depends on EVM_LOAD_X509 default "/etc/keys/x509_evm.der" help This option defines X509 certificate path. 437e848e'>treecommitdiff
path: root/net/ceph/Kconfig
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-01-01 12:27:05 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-01-01 12:27:05 -0800
commit4759d386d55fef452d692bf101167914437e848e (patch)
treee7109c192ec589fcea2a98f9702aa3c0e4009581 /net/ceph/Kconfig
parent238d1d0f79f619d75c2cc741d6770fb0986aef24 (diff)
parent1db175428ee374489448361213e9c3b749d14900 (diff)
Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
Pull DAX updates from Dan Williams: "The completion of Jan's DAX work for 4.10. As I mentioned in the libnvdimm-for-4.10 pull request, these are some final fixes for the DAX dirty-cacheline-tracking invalidation work that was merged through the -mm, ext4, and xfs trees in -rc1. These patches were prepared prior to the merge window, but we waited for 4.10-rc1 to have a stable merge base after all the prerequisites were merged. Quoting Jan on the overall changes in these patches: "So I'd like all these 6 patches to go for rc2. The first three patches fix invalidation of exceptional DAX entries (a bug which is there for a long time) - without these patches data loss can occur on power failure even though user called fsync(2). The other three patches change locking of DAX faults so that ->iomap_begin() is called in a more relaxed locking context and we are safe to start a transaction there for ext4" These have received a build success notification from the kbuild robot, and pass the latest libnvdimm unit tests. There have not been any -next releases since -rc1, so they have not appeared there" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: ext4: Simplify DAX fault path dax: Call ->iomap_begin without entry lock during dax fault dax: Finish fault completely when loading holes dax: Avoid page invalidation races and unnecessary radix tree traversals mm: Invalidate DAX radix tree entries only if appropriate ext2: Return BH_New buffers for zeroed blocks
Diffstat (limited to 'net/ceph/Kconfig')