John Johansen | 016d825 | 2010-07-30 13:46:33 +1000 | [diff] [blame] | 1 | config SECURITY_APPARMOR |
| 2 | bool "AppArmor support" |
Randy Dunlap | 06c22da | 2010-08-02 10:52:18 -0700 | [diff] [blame] | 3 | depends on SECURITY && NET |
John Johansen | 016d825 | 2010-07-30 13:46:33 +1000 | [diff] [blame] | 4 | select AUDIT |
| 5 | select SECURITY_PATH |
| 6 | select SECURITYFS |
| 7 | select SECURITY_NETWORK |
| 8 | default n |
| 9 | help |
| 10 | This enables the AppArmor security module. |
| 11 | Required userspace tools (if they are not included in your |
| 12 | distribution) and further information may be found at |
| 13 | http://apparmor.wiki.kernel.org |
| 14 | |
| 15 | If you are unsure how to answer this question, answer N. |
| 16 | |
| 17 | config SECURITY_APPARMOR_BOOTPARAM_VALUE |
| 18 | int "AppArmor boot parameter default value" |
| 19 | depends on SECURITY_APPARMOR |
| 20 | range 0 1 |
| 21 | default 1 |
| 22 | help |
| 23 | This option sets the default value for the kernel parameter |
| 24 | 'apparmor', which allows AppArmor to be enabled or disabled |
| 25 | at boot. If this option is set to 0 (zero), the AppArmor |
| 26 | kernel parameter will default to 0, disabling AppArmor at |
| 27 | boot. If this option is set to 1 (one), the AppArmor |
| 28 | kernel parameter will default to 1, enabling AppArmor at |
| 29 | boot. |
| 30 | |
| 31 | If you are unsure how to answer this question, answer 1. |
John Johansen | f8eb8a1 | 2013-08-14 11:27:36 -0700 | [diff] [blame^] | 32 | |
| 33 | config SECURITY_APPARMOR_HASH |
| 34 | bool "SHA1 hash of loaded profiles" |
| 35 | depends on SECURITY_APPARMOR |
| 36 | depends on CRYPTO |
| 37 | select CRYPTO_SHA1 |
| 38 | default y |
| 39 | |
| 40 | help |
| 41 | This option selects whether sha1 hashing is done against loaded |
| 42 | profiles and exported for inspection to user space via the apparmor |
| 43 | filesystem. |