linux/security/apparmor/Kconfig
<<
>>
Prefs 
   1# SPDX-License-Identifier: GPL-2.0-only
   2config SECURITY_APPARMOR
   3        bool "AppArmor support"
   4        depends on SECURITY && NET
   5        select AUDIT
   6        select SECURITY_PATH
   7        select SECURITYFS
   8        select SECURITY_NETWORK
   9        default n
  10        help
  11          This enables the AppArmor security module.
  12          Required userspace tools (if they are not included in your
  13          distribution) and further information may be found at
  14          http://apparmor.wiki.kernel.org
  15
  16          If you are unsure how to answer this question, answer N.
  17
  18config SECURITY_APPARMOR_HASH
  19        bool "Enable introspection of sha1 hashes for loaded profiles"
  20        depends on SECURITY_APPARMOR
  21        select CRYPTO
  22        select CRYPTO_SHA1
  23        default y
  24        help
  25          This option selects whether introspection of loaded policy
  26          is available to userspace via the apparmor filesystem.
  27
  28config SECURITY_APPARMOR_HASH_DEFAULT
  29       bool "Enable policy hash introspection by default"
  30       depends on SECURITY_APPARMOR_HASH
  31       default y
  32       help
  33         This option selects whether sha1 hashing of loaded policy
  34         is enabled by default. The generation of sha1 hashes for
  35         loaded policy provide system administrators a quick way
  36         to verify that policy in the kernel matches what is expected,
  37         however it can slow down policy load on some devices. In
  38         these cases policy hashing can be disabled by default and
  39         enabled only if needed.
  40
  41config SECURITY_APPARMOR_DEBUG
  42        bool "Build AppArmor with debug code"
  43        depends on SECURITY_APPARMOR
  44        default n
  45        help
  46          Build apparmor with debugging logic in apparmor. Not all
  47          debugging logic will necessarily be enabled. A submenu will
  48          provide fine grained control of the debug options that are
  49          available.
  50
  51config SECURITY_APPARMOR_DEBUG_ASSERTS
  52        bool "Build AppArmor with debugging asserts"
  53        depends on SECURITY_APPARMOR_DEBUG
  54        default y
  55        help
  56          Enable code assertions made with AA_BUG. These are primarily
  57          function entry preconditions but also exist at other key
  58          points. If the assert is triggered it will trigger a WARN
  59          message.
  60
  61config SECURITY_APPARMOR_DEBUG_MESSAGES
  62        bool "Debug messages enabled by default"
  63        depends on SECURITY_APPARMOR_DEBUG
  64        default n
  65        help
  66          Set the default value of the apparmor.debug kernel parameter.
  67          When enabled, various debug messages will be logged to
  68          the kernel message buffer.
  69
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.