config SECURITY_CHROMIUMOS
	bool "Chromium OS Security Module"
	depends on SECURITY
	depends on BLOCK
	depends on X86_64 || ARM64
	help
	  The purpose of the Chromium OS security module is to reduce attacking
	  surface by preventing access to general purpose access modes not
	  required by Chromium OS. Currently: the mount operation is
	  restricted by requiring a mount point path without symbolic links,
	  and loading modules is limited to only the root filesystem. This
	  LSM is stacked ahead of any primary "full" LSM.

config SECURITY_CHROMIUMOS_NO_SYMLINK_MOUNT
	bool "Chromium OS Security: prohibit mount to symlinked target"
	depends on SECURITY_CHROMIUMOS
	default y
	help
	  When enabled mount() syscall will return ELOOP whenever target path
	  contains any symlinks.

config SECURITY_CHROMIUMOS_NO_UNPRIVILEGED_UNSAFE_MOUNTS
	bool "Chromium OS Security: prohibit unsafe mounts in unprivileged user namespaces"
	depends on SECURITY_CHROMIUMOS
	default y
	help
	  When enabled, mount() syscall will return EPERM whenever a new mount
	  is attempted that would cause the filesystem to have the exec, suid,
	  or dev flags if the caller does not have the CAP_SYS_ADMIN capability
	  in the init namespace.

config ALT_SYSCALL_CHROMIUMOS
	bool "Chromium OS Alt-Syscall Tables"
	depends on ALT_SYSCALL
	depends on X86_64 || ARM64
	help
	  Register restricted, alternate syscall tables used by Chromium OS
	  using the alt-syscall infrastructure.  Alternate syscall tables
	  can be selected with prctl(PR_ALT_SYSCALL).

config SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM
	bool "Force /proc/<pid>/mem paths to be read-only"
	default y
	help
	  When enabled, attempts to open /proc/self/mem for write access
	  will always fail.  Write access to this file allows bypassing
	  of memory map permissions (such as modifying read-only code).
