| 1 |
diff -ubBpEr linux-2.4.20-46.9.legacy/Documentation/Configure.help linux-2.4.20-46.9.legacy-ccs/Documentation/Configure.help |
diff -ubBpEr linux-2.4.20-46.9.legacy/Documentation/Configure.help linux-2.4.20-46.9.legacy-ccs/Documentation/Configure.help |
| 2 |
--- linux-2.4.20-46.9.legacy/Documentation/Configure.help 2007-03-03 16:01:44.000000000 +0900 |
--- linux-2.4.20-46.9.legacy/Documentation/Configure.help 2007-03-03 16:01:44.000000000 +0900 |
| 3 |
+++ linux-2.4.20-46.9.legacy-ccs/Documentation/Configure.help 2007-03-03 16:15:29.000000000 +0900 |
+++ linux-2.4.20-46.9.legacy-ccs/Documentation/Configure.help 2007-03-08 16:42:30.000000000 +0900 |
| 4 |
@@ -26506,6 +26506,225 @@ IPMI Watchdog Timer |
@@ -26506,6 +26506,222 @@ IPMI Watchdog Timer |
| 5 |
CONFIG_IPMI_WATCHDOG |
CONFIG_IPMI_WATCHDOG |
| 6 |
This enables the IPMI watchdog timer. |
This enables the IPMI watchdog timer. |
| 7 |
|
|
| 17 |
+ |
+ |
| 18 |
+ SAKURA can restrict operations that affect systemwide. |
+ SAKURA can restrict operations that affect systemwide. |
| 19 |
+ |
+ |
|
+ SAKURA can drop unnecessary capabilities |
|
|
+ to reduce the risk of exploitations. |
|
|
+ |
|
| 20 |
+CONFIG_SAKURA_RESTRICT_MOUNT |
+CONFIG_SAKURA_RESTRICT_MOUNT |
| 21 |
+ This option allows you to restrict combinations of |
+ This option allows you to restrict combinations of |
| 22 |
+ (type, device, dir) that the system can mount. |
+ (type, device, dir) that the system can mount. |
| 109 |
+ You can make custom root fs with minimum files |
+ You can make custom root fs with minimum files |
| 110 |
+ to run minimum applications with TOMOYO. |
+ to run minimum applications with TOMOYO. |
| 111 |
+ |
+ |
| 112 |
|
+CONFIG_TOMOYO_MAX_ACCEPT_ENTRY |
| 113 |
|
+ This is the default value for maximal ACL entries |
| 114 |
|
+ that are automatically appended into policy at "accept mode". |
| 115 |
|
+ Some programs access thousands of objects, so running |
| 116 |
|
+ such programs in "accept mode" dulls the system response |
| 117 |
|
+ and consumes much memory. |
| 118 |
|
+ This is the safeguard for such programs. |
| 119 |
|
+ |
| 120 |
+CONFIG_TOMOYO_MAC_FOR_FILE |
+CONFIG_TOMOYO_MAC_FOR_FILE |
| 121 |
+ Say Y here to support the MAC for file access. |
+ Say Y here to support the MAC for file access. |
| 122 |
+ |
+ |
| 124 |
+ If you don't say Y to this option, |
+ If you don't say Y to this option, |
| 125 |
+ you can't improve the system security. |
+ you can't improve the system security. |
| 126 |
+ |
+ |
|
+CONFIG_TOMOYO_MAX_ACCEPT_FILES |
|
|
+ This is the default value for maximal entries for file access |
|
|
+ that are automatically appended into policy at "accept mode". |
|
|
+ Some programs access thousands of files, so running |
|
|
+ such programs in "accept mode" dulls the system response |
|
|
+ and consumes much memory. |
|
|
+ This is the safeguard for such programs. |
|
|
+ |
|
| 127 |
+CONFIG_TOMOYO_MAC_FOR_ARGV0 |
+CONFIG_TOMOYO_MAC_FOR_ARGV0 |
| 128 |
+ Say Y here to support the MAC for argv0. |
+ Say Y here to support the MAC for argv0. |
| 129 |
+ |
+ |
TOMOYO
Parent Directory
Revision Log
Patch