Component Type: kbuild config

Description: Activate without calling userspace policy loader.

More info: Say Y here if you want to activate access control as soon as built-in policy was loaded. This option will be useful for systems where operations which can lead to the hijacking of the boot sequence are needed before loading the policy. For example, you can activate immediately after loading the fixed part of policy which will allow only operations needed for mounting a partition which contains the variant part of policy and verifying (e.g. running GPG check) and loading the variant part of policy. Since you can start using enforcing mode from the beginning, you can reduce the possibility of hijacking the boot sequence.

Build project: Kconfig (Linux kconfig) (Path: security\tomoyo\Kconfig )

Other views: file explorer