Commit | Line | Data |
---|---|---|
016d825f JJ |
1 | config SECURITY_APPARMOR |
2 | bool "AppArmor support" | |
06c22dad | 3 | depends on SECURITY && NET |
016d825f JJ |
4 | select AUDIT |
5 | select SECURITY_PATH | |
6 | select SECURITYFS | |
7 | select SECURITY_NETWORK | |
8 | default n | |
9 | help | |
10 | This enables the AppArmor security module. | |
11 | Required userspace tools (if they are not included in your | |
12 | distribution) and further information may be found at | |
13 | http://apparmor.wiki.kernel.org | |
14 | ||
15 | If you are unsure how to answer this question, answer N. | |
16 | ||
17 | config SECURITY_APPARMOR_BOOTPARAM_VALUE | |
18 | int "AppArmor boot parameter default value" | |
19 | depends on SECURITY_APPARMOR | |
20 | range 0 1 | |
21 | default 1 | |
22 | help | |
23 | This option sets the default value for the kernel parameter | |
24 | 'apparmor', which allows AppArmor to be enabled or disabled | |
25 | at boot. If this option is set to 0 (zero), the AppArmor | |
26 | kernel parameter will default to 0, disabling AppArmor at | |
27 | boot. If this option is set to 1 (one), the AppArmor | |
28 | kernel parameter will default to 1, enabling AppArmor at | |
29 | boot. | |
30 | ||
31 | If you are unsure how to answer this question, answer 1. | |
f8eb8a13 JJ |
32 | |
33 | config SECURITY_APPARMOR_HASH | |
6059f71f | 34 | bool "Enable introspection of sha1 hashes for loaded profiles" |
f8eb8a13 | 35 | depends on SECURITY_APPARMOR |
083c1290 | 36 | select CRYPTO |
f8eb8a13 JJ |
37 | select CRYPTO_SHA1 |
38 | default y | |
39 | ||
40 | help | |
6059f71f JJ |
41 | This option selects whether introspection of loaded policy |
42 | is available to userspace via the apparmor filesystem. | |
43 | ||
44 | config SECURITY_APPARMOR_HASH_DEFAULT | |
45 | bool "Enable policy hash introspection by default" | |
46 | depends on SECURITY_APPARMOR_HASH | |
47 | default y | |
48 | ||
49 | help | |
50 | This option selects whether sha1 hashing of loaded policy | |
51 | is enabled by default. The generation of sha1 hashes for | |
52 | loaded policy provide system administrators a quick way | |
53 | to verify that policy in the kernel matches what is expected, | |
54 | however it can slow down policy load on some devices. In | |
55 | these cases policy hashing can be disabled by default and | |
56 | enabled only if needed. |