On Sat, Aug 25, 2018 at 12:42 AM Casey Schaufler <casey.schaufler@xxxxxxxxx> wrote: > +config SECURITY_SIDECHANNEL_CAPABILITIES > + bool "Sidechannel check on capability sets" > + depends on SECURITY_SIDECHANNEL > + depends on !SECURITY_SIDECHANNEL_ALWAYS > + default n > + select SECURITY_SIDECHANNEL_NAMESPACES if USER_NS > + help > + Assume that tasks with different sets of privilege may be > + subject to side-channel attacks. Potential interactions > + where the attacker lacks capabilities the attacked has > + are blocked. Selecting this when user namespaces (USER_NS) > + are enabled will enable SECURITY_SIDECHANNEL_NAMESPACES. Thanks!
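Review bot: the `select SECURITY_SIDECHANNEL_NAMESPACES if USER_NS` line turns the namespace check on without honouring that symbol's own `depends on` lines, because `select` ignores the dependencies of its target. If SECURITY_SIDECHANNEL_NAMESPACES depends on anything beyond USER_NS and the SECURITY_SIDECHANNEL dependency already listed in this entry, repeat those dependencies here or use `imply` instead. The `default n` line is redundant, since a bool symbol already defaults to n, and can be dropped. The help text says only that tasks with "different sets of privilege" are compared; it should name which capability set is checked and explain why enabling this option pulls in the namespace check, so that someone configuring a kernel can tell what behaviour they are opting into.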