| config SECURITY_CHROMIUMOS |
| bool "Chromium OS Security Module" |
| depends on SECURITY |
| help |
| The purpose of the Chromium OS security module is to reduce attacking |
| surface by preventing access to general purpose access modes not |
| required by Chromium OS. Currently: the mount operation is |
| restricted by requiring a mount point path without symbolic links, |
| and loading modules is limited to only the root filesystem. |
| |
| config SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM |
| bool "Force /proc/<pid>/mem paths to be read-only" |
| default y |
| help |
| When enabled, attempts to open /proc/self/mem for write access |
| will always fail. Write access to this file allows bypassing |
| of memory map permissions (such as modifying read-only code). |