config SECURITY_TOMOYO bool "TOMOYO Linux Support" depends on SECURITY depends on NET select SECURITYFS select SECURITY_PATH select SECURITY_NETWORK select SRCU select BUILD_BIN2C default n help This selects TOMOYO Linux, pathname-based access control. Required userspace tools and further information may be found at . If you are unsure how to answer this question, answer N. config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY int "Default maximal count for learning mode" default 2048 range 0 2147483647 depends on SECURITY_TOMOYO help This is the default value for maximal ACL entries that are automatically appended into policy at "learning mode". Some programs access thousands of objects, so running such programs in "learning mode" dulls the system response and consumes much memory. This is the safeguard for such programs. config SECURITY_TOMOYO_MAX_AUDIT_LOG int "Default maximal count for audit log" default 1024 range 0 2147483647 depends on SECURITY_TOMOYO help This is the default value for maximal entries for audit logs that the kernel can hold on memory. You can read the log via /sys/kernel/security/tomoyo/audit. If you don't need audit logs, you may set this value to 0. config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER bool "Activate without calling userspace policy loader." default n depends on SECURITY_TOMOYO ---help--- Say Y here if you want to activate access control as soon as built-in policy was loaded. This option will be useful for systems where operations which can lead to the hijacking of the boot sequence are needed before loading the policy. For example, you can activate immediately after loading the fixed part of policy which will allow only operations needed for mounting a partition which contains the variant part of policy and verifying (e.g. running GPG check) and loading the variant part of policy. Since you can start using enforcing mode from the beginning, you can reduce the possibility of hijacking the boot sequence. config SECURITY_TOMOYO_POLICY_LOADER string "Location of userspace policy loader" default "/sbin/tomoyo-init" depends on SECURITY_TOMOYO depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER ---help--- This is the default pathname of policy loader which is called before activation. You can override this setting via TOMOYO_loader= kernel command line option. config SECURITY_TOMOYO_ACTIVATION_TRIGGER string "Trigger for calling userspace policy loader" default "/sbin/init" depends on SECURITY_TOMOYO depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER ---help--- This is the default pathname of activation trigger. You can override this setting via TOMOYO_trigger= kernel command line option. For example, if you pass init=/bin/systemd option, you may want to also pass TOMOYO_trigger=/bin/systemd option. 1c47554f8eb2d9f520642ba'>root/net/ipv6
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-01-17 09:33:10 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-01-17 09:33:10 -0800
commit4b19a9e20bf99d62e1c47554f8eb2d9f520642ba (patch)
treee88418808c867ed54bca5ff357b96737ce3720d6 /net/ipv6
parent203f80f1c4187b2d5b3a282586fa6cc6d9503d4b (diff)
parent0faa9cb5b3836a979864a6357e01d2046884ad52 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) Handle multicast packets properly in fast-RX path of mac80211, from Johannes Berg. 2) Because of a logic bug, the user can't actually force SW checksumming on r8152 devices. This makes diagnosis of hw checksumming bugs really annoying. Fix from Hayes Wang. 3) VXLAN route lookup does not take the source and destination ports into account, which means IPSEC policies cannot be matched properly. Fix from Martynas Pumputis. 4) Do proper RCU locking in netvsc callbacks, from Stephen Hemminger. 5) Fix SKB leaks in mlxsw driver, from Arkadi Sharshevsky. 6) If lwtunnel_fill_encap() fails, we do not abort the netlink message construction properly in fib_dump_info(), from David Ahern. 7) Do not use kernel stack for DMA buffers in atusb driver, from Stefan Schmidt. 8) Openvswitch conntack actions need to maintain a correct checksum, fix from Lance Richardson. 9) ax25_disconnect() is missing a check for ax25->sk being NULL, in fact it already checks this, but not in all of the necessary spots. Fix from Basil Gunn. 10) Action GET operations in the packet scheduler can erroneously bump the reference count of the entry, making it unreleasable. Fix from Jamal Hadi Salim. Jamal gives a great set of example command lines that trigger this in the commit message. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (46 commits) net sched actions: fix refcnt when GETing of action after bind net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions net/mlx4_core: Fix racy CQ (Completion Queue) free net: stmmac: don't use netdev_[dbg, info, ..] before net_device is registered net/mlx5e: Fix a -Wmaybe-uninitialized warning ax25: Fix segfault after sock connection timeout bpf: rework prog_digest into prog_tag tipc: allocate user memory with GFP_KERNEL flag net: phy: dp83867: allow RGMII_TXID/RGMII_RXID interface types ip6_tunnel: Account for tunnel header in tunnel MTU mld: do not remove mld souce list info when set link down be2net: fix MAC addr setting on privileged BE3 VFs be2net: don't delete MAC on close on unprivileged BE3 VFs be2net: fix status check in be_cmd_pmac_add() cpmac: remove hopeless #warning ravb: do not use zero-length alignment DMA descriptor mlx4: do not call napi_schedule() without care openvswitch: maintain correct checksum state in conntrack actions tcp: fix tcp_fastopen unaligned access complaints on sparc ...
Diffstat (limited to 'net/ipv6')