On Thu, Sep 10, 2020 at 01:21:02PM -0700, Kees Cook wrote: > From: John Wood <john.wood@xxxxxxx> > > Add a menu entry under "Security options" to enable the "Fork brute > force attack mitigation" feature. > > Signed-off-by: John Wood <john.wood@xxxxxxx> > --- > security/Kconfig | 1 + > security/fbfam/Kconfig | 10 ++++++++++ > 2 files changed, 11 insertions(+) > create mode 100644 security/fbfam/Kconfig > > diff --git a/security/Kconfig b/security/Kconfig > index 7561f6f99f1d..00a90e25b8d5 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -290,6 +290,7 @@ config LSM > If unsure, leave this as the default. > > source "security/Kconfig.hardening" > +source "security/fbfam/Kconfig" Given the layout you've chosen and the interface you've got, I think this should just be treated like a regular LSM. > > endmenu > > diff --git a/security/fbfam/Kconfig b/security/fbfam/Kconfig > new file mode 100644 > index 000000000000..bbe7f6aad369 > --- /dev/null > +++ b/security/fbfam/Kconfig > @@ -0,0 +1,10 @@ > +# SPDX-License-Identifier: GPL-2.0 > +config FBFAM To jump on the bikeshed: how about just calling this FORK_BRUTE_FORCE_DETECTION or FORK_BRUTE, and the directory could be "brute", etc. "fbfam" doesn't tell anyone anything. -- Kees Cook
