1
2config SECURITY_APPARMOR
3 bool "AppArmor support"
4 depends on SECURITY && NET
5 select AUDIT
6 select SECURITY_PATH
7 select SECURITYFS
8 select SECURITY_NETWORK
9 default n
10 help
11 This enables the AppArmor security module.
12 Required userspace tools (if they are not included in your
13 distribution) and further information may be found at
14 http://apparmor.wiki.kernel.org
15
16 If you are unsure how to answer this question, answer N.
17
18config SECURITY_APPARMOR_HASH
19 bool "Enable introspection of sha1 hashes for loaded profiles"
20 depends on SECURITY_APPARMOR
21 select CRYPTO
22 select CRYPTO_SHA1
23 default y
24 help
25 This option selects whether introspection of loaded policy
26 is available to userspace via the apparmor filesystem.
27
28config SECURITY_APPARMOR_HASH_DEFAULT
29 bool "Enable policy hash introspection by default"
30 depends on SECURITY_APPARMOR_HASH
31 default y
32 help
33 This option selects whether sha1 hashing of loaded policy
34 is enabled by default. The generation of sha1 hashes for
35 loaded policy provide system administrators a quick way
36 to verify that policy in the kernel matches what is expected,
37 however it can slow down policy load on some devices. In
38 these cases policy hashing can be disabled by default and
39 enabled only if needed.
40
41config SECURITY_APPARMOR_DEBUG
42 bool "Build AppArmor with debug code"
43 depends on SECURITY_APPARMOR
44 default n
45 help
46 Build apparmor with debugging logic in apparmor. Not all
47 debugging logic will necessarily be enabled. A submenu will
48 provide fine grained control of the debug options that are
49 available.
50
51config SECURITY_APPARMOR_DEBUG_ASSERTS
52 bool "Build AppArmor with debugging asserts"
53 depends on SECURITY_APPARMOR_DEBUG
54 default y
55 help
56 Enable code assertions made with AA_BUG. These are primarily
57 function entry preconditions but also exist at other key
58 points. If the assert is triggered it will trigger a WARN
59 message.
60
61config SECURITY_APPARMOR_DEBUG_MESSAGES
62 bool "Debug messages enabled by default"
63 depends on SECURITY_APPARMOR_DEBUG
64 default n
65 help
66 Set the default value of the apparmor.debug kernel parameter.
67 When enabled, various debug messages will be logged to
68 the kernel message buffer.
69