[PATCH] selinux: Disable automatic labeling of new inodes when no policy is loaded
[linux-2.6.git] / security / Kconfig
index 64d3f1e9ca85e4a925b2c38680af74c70dc27a53..34f593410d57cb12070a154bc0fa0b272467dfeb 100644 (file)
@@ -54,6 +54,19 @@ config SECURITY_NETWORK
          implement socket and networking access controls.
          If you are unsure how to answer this question, answer N.
 
+config SECURITY_NETWORK_XFRM
+       bool "XFRM (IPSec) Networking Security Hooks"
+       depends on XFRM && SECURITY_NETWORK
+       help
+         This enables the XFRM (IPSec) networking security hooks.
+         If enabled, a security module can use these hooks to
+         implement per-packet access controls based on labels
+         derived from IPSec policy.  Non-IPSec communications are
+         designated as unlabelled, and only sockets authorized
+         to communicate unlabelled data can send without using
+         IPSec.
+         If you are unsure how to answer this question, answer N.
+
 config SECURITY_CAPABILITIES
        tristate "Default Linux Capabilities"
        depends on SECURITY
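Review bot: The help text for SECURITY_NETWORK_XFRM states the enforcement model but not what it means for an operator. Per the text, once a security module uses these hooks, non-IPSec traffic is unlabelled and only sockets authorized for unlabelled data can send without IPSec. I would add a sentence before the closing "If you are unsure" line, such as `Policy for the security module must authorize unlabelled traffic for every socket that is expected to communicate without IPSec.`, so that enabling the option is not mistaken for a change with no effect on plain networking. The entry has no `default` line, so it stays off unless selected, which matches the "answer N" guidance. The page title is about inode labeling while this hunk adds XFRM hooks, so it is worth confirming the hunk belongs to the change named in the subject.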