mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-21 11:44:01 +08:00
2d514487fa
This adds the Yama Linux Security Module to collect DAC security improvements (specifically just ptrace restrictions for now) that have existed in various forms over the years and have been carried outside the mainline kernel by other Linux distributions like Openwall and grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
31 lines
1.0 KiB
Makefile
31 lines
1.0 KiB
Makefile
#
|
|
# Makefile for the kernel security code
|
|
#
|
|
|
|
obj-$(CONFIG_KEYS) += keys/
|
|
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
|
|
subdir-$(CONFIG_SECURITY_SMACK) += smack
|
|
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
|
|
subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
|
|
subdir-$(CONFIG_SECURITY_YAMA) += yama
|
|
|
|
# always enable default capabilities
|
|
obj-y += commoncap.o
|
|
obj-$(CONFIG_MMU) += min_addr.o
|
|
|
|
# Object file lists
|
|
obj-$(CONFIG_SECURITY) += security.o capability.o
|
|
obj-$(CONFIG_SECURITYFS) += inode.o
|
|
# Must precede capability.o in order to stack properly.
|
|
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
|
|
obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
|
|
obj-$(CONFIG_AUDIT) += lsm_audit.o
|
|
obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
|
|
obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o
|
|
obj-$(CONFIG_SECURITY_YAMA) += yama/built-in.o
|
|
obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
|
|
|
|
# Object integrity file lists
|
|
subdir-$(CONFIG_INTEGRITY) += integrity
|
|
obj-$(CONFIG_INTEGRITY) += integrity/built-in.o
|