Merge branch 'smack-for-3.18' of git://git.gitorious.org/smack-next/kernel into next

author: James Morris <james.l.morris@oracle.com> 2014-09-18 23:52:46 +1000
committer: James Morris <james.l.morris@oracle.com> 2014-09-18 23:52:46 +1000
commit: 6f98e892884c32b9273ecce1332b849bcad3b8b1 (patch)
tree: 400e8ae29e555753e0ec085bf452f7206eb8c159 /security/smack/Kconfig
parent: ac60ab4b4968b54fb5af20eac9dd78e36ad910c1 (diff)
parent: 21c7eae21a2100a89cfb8cebaf7b770271f32c6e (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/security/smack/Kconfig b/security/smack/Kconfig
index e69de9c642b7..b065f9789418 100644
--- a/security/smack/Kconfig
+++ b/security/smack/Kconfig
@@ -12,3 +12,19 @@ config SECURITY_SMACK
 	  of other mandatory security schemes.
 	  If you are unsure how to answer this question, answer N.
 
+config SECURITY_SMACK_BRINGUP
+	bool "Reporting on access granted by Smack rules"
+	depends on SECURITY_SMACK
+	default n
+	help
+	  Enable the bring-up ("b") access mode in Smack rules.
+	  When access is granted by a rule with the "b" mode a
+	  message about the access requested is generated. The
+	  intention is that a process can be granted a wide set
+	  of access initially with the bringup mode set on the
+	  rules. The developer can use the information to
+	  identify which rules are necessary and what accesses
+	  may be inappropriate. The developer can reduce the
+	  access rule set once the behavior is well understood.
+	  This is a superior mechanism to the oft abused
+	  "permissive" mode of other systems.
author	James Morris <james.l.morris@oracle.com>	2014-09-18 23:52:46 +1000
committer	James Morris <james.l.morris@oracle.com>	2014-09-18 23:52:46 +1000
commit	6f98e892884c32b9273ecce1332b849bcad3b8b1 (patch)
tree	400e8ae29e555753e0ec085bf452f7206eb8c159 /security/smack/Kconfig
parent	ac60ab4b4968b54fb5af20eac9dd78e36ad910c1 (diff)
parent	21c7eae21a2100a89cfb8cebaf7b770271f32c6e (diff)