config SECURITY_CHROMIUMOS
	bool "Chromium OS Security Module"
	depends on SECURITY
	help
	  The purpose of the Chromium OS security module is to reduce the
	  attack surface by preventing access to general purpose access modes
	  not required by Chromium OS. Currently: the mount operation is
	  restricted by requiring a mount point path without symbolic links,
	  and loading modules is limited to only the root filesystem.

config SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM
	bool "Force /proc/<pid>/mem paths to be read-only"
	default y
	help
	  When enabled, attempts to open /proc/self/mem for write access
	  will always fail. Write access to this file allows bypassing
	  of memory map permissions (such as modifying read-only code).
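
A way to check on a running system whether the restriction described in the SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM help text is in effect. This is an added example, not part of the Chromium OS source; the function and enum names are hypothetical, and it touches only a scratch page that the process maps for itself.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical result codes for this added check (not from the kernel tree). */
enum probe_result {
    PROBE_OPEN_DENIED,    /* open for write failed: restriction active, or no /proc */
    PROBE_WRITE_DENIED,   /* open succeeded, write to the read-only page was rejected */
    PROBE_WRITE_BYPASSED, /* read-only page was modified through /proc/self/mem */
    PROBE_ERROR           /* could not set up the scratch page */
};

/* Maps one scratch page in this process, makes it read-only, then tries to
 * change its first byte through /proc/self/mem. *err receives errno or 0. */
enum probe_result probe_proc_self_mem(int *err)
{
    long psz = sysconf(_SC_PAGESIZE);
    volatile unsigned char *page = mmap(NULL, (size_t)psz, PROT_READ | PROT_WRITE,
                                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) { *err = errno; return PROBE_ERROR; }
    page[0] = 'A';
    if (mprotect((void *)page, (size_t)psz, PROT_READ) != 0) { *err = errno; munmap((void *)page, (size_t)psz); return PROBE_ERROR; }
    int fd = open("/proc/self/mem", O_WRONLY);
    if (fd < 0) { *err = errno; munmap((void *)page, (size_t)psz); return PROBE_OPEN_DENIED; }
    unsigned char b = 'B';
    ssize_t n = pwrite(fd, &b, 1, (off_t)(uintptr_t)page);
    *err = (n < 0) ? errno : 0;
    enum probe_result res = (n == 1 && page[0] == 'B') ? PROBE_WRITE_BYPASSED
                                                       : PROBE_WRITE_DENIED;
    close(fd);
    munmap((void *)page, (size_t)psz);
    return res;
}

int main(void)
{
    int err = 0;
    enum probe_result r = probe_proc_self_mem(&err);
    printf("/proc/self/mem probe: result=%d errno=%d\n", (int)r, err);
    return r == PROBE_WRITE_BYPASSED; /* non-zero exit: page permissions were bypassed */
}
```

PROBE_OPEN_DENIED is the result the help text predicts when the option is enabled; PROBE_WRITE_BYPASSED means a write through the file changed a page that mprotect() had made read-only.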