1 |
diff -ubBpEr linux-2.4.20-46.9.legacy/Documentation/Configure.help linux-2.4.20-46.9.legacy-ccs/Documentation/Configure.help |
diff -ubBpEr linux-2.4.20-46.9.legacy/Documentation/Configure.help linux-2.4.20-46.9.legacy-ccs/Documentation/Configure.help |
2 |
--- linux-2.4.20-46.9.legacy/Documentation/Configure.help 2007-03-03 16:01:44.000000000 +0900 |
--- linux-2.4.20-46.9.legacy/Documentation/Configure.help 2007-03-03 16:01:44.000000000 +0900 |
3 |
+++ linux-2.4.20-46.9.legacy-ccs/Documentation/Configure.help 2007-03-03 16:15:29.000000000 +0900 |
+++ linux-2.4.20-46.9.legacy-ccs/Documentation/Configure.help 2007-03-08 16:42:30.000000000 +0900 |
4 |
@@ -26506,6 +26506,225 @@ IPMI Watchdog Timer |
@@ -26506,6 +26506,222 @@ IPMI Watchdog Timer |
5 |
CONFIG_IPMI_WATCHDOG |
CONFIG_IPMI_WATCHDOG |
6 |
This enables the IPMI watchdog timer. |
This enables the IPMI watchdog timer. |
7 |
|
|
17 |
+ |
+ |
18 |
+ SAKURA can restrict operations that affect systemwide. |
+ SAKURA can restrict operations that affect systemwide. |
19 |
+ |
+ |
|
+ SAKURA can drop unnecessary capabilities |
|
|
+ to reduce the risk of exploitations. |
|
|
+ |
|
20 |
+CONFIG_SAKURA_RESTRICT_MOUNT |
+CONFIG_SAKURA_RESTRICT_MOUNT |
21 |
+ This option allows you to restrict combinations of |
+ This option allows you to restrict combinations of |
22 |
+ (type, device, dir) that the system can mount. |
+ (type, device, dir) that the system can mount. |
109 |
+ You can make custom root fs with minimum files |
+ You can make custom root fs with minimum files |
110 |
+ to run minimum applications with TOMOYO. |
+ to run minimum applications with TOMOYO. |
111 |
+ |
+ |
112 |
|
+CONFIG_TOMOYO_MAX_ACCEPT_ENTRY |
113 |
|
+ This is the default value for maximal ACL entries |
114 |
|
+ that are automatically appended into policy at "accept mode". |
115 |
|
+ Some programs access thousands of objects, so running |
116 |
|
+ such programs in "accept mode" dulls the system response |
117 |
|
+ and consumes much memory. |
118 |
|
+ This is the safeguard for such programs. |
119 |
|
+ |
120 |
+CONFIG_TOMOYO_MAC_FOR_FILE |
+CONFIG_TOMOYO_MAC_FOR_FILE |
121 |
+ Say Y here to support the MAC for file access. |
+ Say Y here to support the MAC for file access. |
122 |
+ |
+ |
124 |
+ If you don't say Y to this option, |
+ If you don't say Y to this option, |
125 |
+ you can't improve the system security. |
+ you can't improve the system security. |
126 |
+ |
+ |
|
+CONFIG_TOMOYO_MAX_ACCEPT_FILES |
|
|
+ This is the default value for maximal entries for file access |
|
|
+ that are automatically appended into policy at "accept mode". |
|
|
+ Some programs access thousands of files, so running |
|
|
+ such programs in "accept mode" dulls the system response |
|
|
+ and consumes much memory. |
|
|
+ This is the safeguard for such programs. |
|
|
+ |
|
127 |
+CONFIG_TOMOYO_MAC_FOR_ARGV0 |
+CONFIG_TOMOYO_MAC_FOR_ARGV0 |
128 |
+ Say Y here to support the MAC for argv0. |
+ Say Y here to support the MAC for argv0. |
129 |
+ |
+ |