The Linux kernel supports different
security models by providing hooks and letting you build in your
choice of model. At the moment, only a few
models come with the default kernel source tree, but developers of new
models are working on getting more accepted.
Default Linux Capabilities
The standard type of security model for Linux is the "capability" model.
You should always select this option unless you really want to run an
insecure kernel for some reason.
To enable it:
Security options
    [*] Enable different security models
    [*]   Default Linux Capabilities
A very popular security model is called SELinux. This model is supported
by a number of different Linux distributions.
SELinux requires that the networking option be enabled. See
the section called “Networking” to enable this.
SELinux also requires that audit be enabled in the kernel configuration.
To do this:
General setup
    [*] Auditing support
Also, the networking security option must be enabled:
Security options
    [*] Enable different security models
    [*]   Socket and Networking Security Hooks
Now it is possible to select the SELinux option:
Security options
    [*] Enable different security models
    [*]   NSA SELinux Support
There are also a number of individual SELinux options that you might wish
to enable. See the help text for each item for a description of what it
does.
Security options
    [*] Enable different security models
    [*]   NSA SELinux Support
    [ ]     NSA SELinux boot parameter
    [ ]     NSA SELinux runtime disable
    [*]     NSA SELinux Development Support
    [*]     NSA SELinux AVC Statistics
    (1)     NSA SELinux checkreqprot default value
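The script below is an added example, not part of the original text. It checks a kernel .config for the SELinux prerequisites described above and reports whether the boot parameter or runtime disable options are turned on. The CONFIG_* symbol names are assumed to be the ones behind these menu entries in kernels of this vintage, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original text. The CONFIG_* names are assumed
# to be the Kconfig symbols behind the menu entries shown above.
# is_on FILE SYMBOL: true only for SYMBOL=y (missing or "is not set" = off).
is_on() {
    grep -q "^$2=y\$" "$1"
}

# Print each SELinux prerequisite that is not enabled, in the order the
# text enables them: networking, audit, security hooks, SELinux itself.
missing_selinux_deps() {
    for sym in CONFIG_NET CONFIG_AUDIT CONFIG_SECURITY \
               CONFIG_SECURITY_NETWORK CONFIG_SECURITY_SELINUX; do
        is_on "$1" "$sym" || echo "$sym"
    done
}

# Print enabled options that allow SELinux to be switched off (on the
# kernel command line, or at runtime before the policy is loaded).
selinux_off_switches() {
    for sym in CONFIG_SECURITY_SELINUX_BOOTPARAM \
               CONFIG_SECURITY_SELINUX_DISABLE; do
        is_on "$1" "$sym" && echo "$sym"
    done
    return 0
}

# Exit status 0 only if every prerequisite is set; warn about off switches.
check_selinux_config() {
    missing=$(missing_selinux_deps "$1")
    if [ -n "$missing" ]; then
        echo "$1: not enabled: $(echo $missing)" >&2
        return 1
    fi
    off=$(selinux_off_switches "$1")
    [ -z "$off" ] || echo "$1: SELinux can be disabled via: $(echo $off)" >&2
    return 0
}

# Check the named file, or a constructed sample lacking the network hooks.
if [ "$#" -gt 0 ]; then
    check_selinux_config "$1"
else
    tmp=$(mktemp)
    printf '%s\n' CONFIG_NET=y CONFIG_AUDIT=y CONFIG_SECURITY=y \
        '# CONFIG_SECURITY_NETWORK is not set' > "$tmp"
    check_selinux_config "$tmp" || true
    rm -f "$tmp"
fi
```

Run it with the path to a .config as its only argument; a non-zero exit status means at least one prerequisite is missing.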