summaryrefslogtreecommitdiffstats
path: root/security/apparmor/Kconfig
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:02:30 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:02:30 +0000
commit76cb841cb886eef6b3bee341a2266c76578724ad (patch)
treef5892e5ba6cc11949952a6ce4ecbe6d516d6ce58 /security/apparmor/Kconfig
parentInitial commit. (diff)
downloadlinux-76cb841cb886eef6b3bee341a2266c76578724ad.tar.xz
linux-76cb841cb886eef6b3bee341a2266c76578724ad.zip
Adding upstream version 4.19.249.upstream/4.19.249upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--security/apparmor/Kconfig83
1 files changed, 83 insertions, 0 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
new file mode 100644
index 000000000..b6b68a775
--- /dev/null
+++ b/security/apparmor/Kconfig
@@ -0,0 +1,83 @@
+config SECURITY_APPARMOR
+ bool "AppArmor support"
+ depends on SECURITY && NET
+ select AUDIT
+ select SECURITY_PATH
+ select SECURITYFS
+ select SECURITY_NETWORK
+ default n
+ help
+ This enables the AppArmor security module.
+ Required userspace tools (if they are not included in your
+ distribution) and further information may be found at
+ http://apparmor.wiki.kernel.org
+
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_APPARMOR_BOOTPARAM_VALUE
+ int "AppArmor boot parameter default value"
+ depends on SECURITY_APPARMOR
+ range 0 1
+ default 1
+ help
+ This option sets the default value for the kernel parameter
+ 'apparmor', which allows AppArmor to be enabled or disabled
+ at boot. If this option is set to 0 (zero), the AppArmor
+ kernel parameter will default to 0, disabling AppArmor at
+ boot. If this option is set to 1 (one), the AppArmor
+ kernel parameter will default to 1, enabling AppArmor at
+ boot.
+
+ If you are unsure how to answer this question, answer 1.
+
+config SECURITY_APPARMOR_HASH
+ bool "Enable introspection of sha1 hashes for loaded profiles"
+ depends on SECURITY_APPARMOR
+ select CRYPTO
+ select CRYPTO_SHA1
+ default y
+ help
+ This option selects whether introspection of loaded policy
+ is available to userspace via the apparmor filesystem.
+
+config SECURITY_APPARMOR_HASH_DEFAULT
+ bool "Enable policy hash introspection by default"
+ depends on SECURITY_APPARMOR_HASH
+ default y
+ help
+ This option selects whether sha1 hashing of loaded policy
+ is enabled by default. The generation of sha1 hashes for
+ loaded policy provide system administrators a quick way
+ to verify that policy in the kernel matches what is expected,
+ however it can slow down policy load on some devices. In
+ these cases policy hashing can be disabled by default and
+ enabled only if needed.
+
+config SECURITY_APPARMOR_DEBUG
+ bool "Build AppArmor with debug code"
+ depends on SECURITY_APPARMOR
+ default n
+ help
+ Build apparmor with debugging logic in apparmor. Not all
+ debugging logic will necessarily be enabled. A submenu will
+ provide fine grained control of the debug options that are
+ available.
+
+config SECURITY_APPARMOR_DEBUG_ASSERTS
+ bool "Build AppArmor with debugging asserts"
+ depends on SECURITY_APPARMOR_DEBUG
+ default y
+ help
+ Enable code assertions made with AA_BUG. These are primarily
+ function entry preconditions but also exist at other key
+ points. If the assert is triggered it will trigger a WARN
+ message.
+
+config SECURITY_APPARMOR_DEBUG_MESSAGES
+ bool "Debug messages enabled by default"
+ depends on SECURITY_APPARMOR_DEBUG
+ default n
+ help
+ Set the default value of the apparmor.debug kernel parameter.
+ When enabled, various debug messages will be logged to
+ the kernel message buffer.