69 lines
2.2 KiB
Plaintext
69 lines
2.2 KiB
Plaintext
|
# SPDX-License-Identifier: GPL-2.0-only
|
||
|
config SECURITY_APPARMOR
|
||
|
bool "AppArmor support"
|
||
|
depends on SECURITY && NET
|
||
|
select AUDIT
|
||
|
select SECURITY_PATH
|
||
|
select SECURITYFS
|
||
|
select SECURITY_NETWORK
|
||
|
default n
|
||
|
help
|
||
|
This enables the AppArmor security module.
|
||
|
Required userspace tools (if they are not included in your
|
||
|
distribution) and further information may be found at
|
||
|
http://apparmor.wiki.kernel.org
|
||
|
|
||
|
If you are unsure how to answer this question, answer N.
|
||
|
|
||
|
config SECURITY_APPARMOR_HASH
|
||
|
bool "Enable introspection of sha1 hashes for loaded profiles"
|
||
|
depends on SECURITY_APPARMOR
|
||
|
select CRYPTO
|
||
|
select CRYPTO_SHA1
|
||
|
default y
|
||
|
help
|
||
|
This option selects whether introspection of loaded policy
|
||
|
is available to userspace via the apparmor filesystem.
|
||
|
|
||
|
config SECURITY_APPARMOR_HASH_DEFAULT
|
||
|
bool "Enable policy hash introspection by default"
|
||
|
depends on SECURITY_APPARMOR_HASH
|
||
|
default y
|
||
|
help
|
||
|
This option selects whether sha1 hashing of loaded policy
|
||
|
is enabled by default. The generation of sha1 hashes for
|
||
|
loaded policy provide system administrators a quick way
|
||
|
to verify that policy in the kernel matches what is expected,
|
||
|
however it can slow down policy load on some devices. In
|
||
|
these cases policy hashing can be disabled by default and
|
||
|
enabled only if needed.
|
||
|
|
||
|
config SECURITY_APPARMOR_DEBUG
|
||
|
bool "Build AppArmor with debug code"
|
||
|
depends on SECURITY_APPARMOR
|
||
|
default n
|
||
|
help
|
||
|
Build apparmor with debugging logic in apparmor. Not all
|
||
|
debugging logic will necessarily be enabled. A submenu will
|
||
|
provide fine grained control of the debug options that are
|
||
|
available.
|
||
|
|
||
|
config SECURITY_APPARMOR_DEBUG_ASSERTS
|
||
|
bool "Build AppArmor with debugging asserts"
|
||
|
depends on SECURITY_APPARMOR_DEBUG
|
||
|
default y
|
||
|
help
|
||
|
Enable code assertions made with AA_BUG. These are primarily
|
||
|
function entry preconditions but also exist at other key
|
||
|
points. If the assert is triggered it will trigger a WARN
|
||
|
message.
|
||
|
|
||
|
config SECURITY_APPARMOR_DEBUG_MESSAGES
|
||
|
bool "Debug messages enabled by default"
|
||
|
depends on SECURITY_APPARMOR_DEBUG
|
||
|
default n
|
||
|
help
|
||
|
Set the default value of the apparmor.debug kernel parameter.
|
||
|
When enabled, various debug messages will be logged to
|
||
|
the kernel message buffer.
|