xref: /linux/security/apparmor/Kconfig (revision f8eb8a1324e81927b2c64823b2fc38386efd3fef) 
1016d825fSJohn Johansenconfig SECURITY_APPARMOR
2016d825fSJohn Johansen	bool "AppArmor support"
306c22dadSRandy Dunlap	depends on SECURITY && NET
4016d825fSJohn Johansen	select AUDIT
5016d825fSJohn Johansen	select SECURITY_PATH
6016d825fSJohn Johansen	select SECURITYFS
7016d825fSJohn Johansen	select SECURITY_NETWORK
8016d825fSJohn Johansen	default n
9016d825fSJohn Johansen	help
10016d825fSJohn Johansen	  This enables the AppArmor security module.
11016d825fSJohn Johansen	  Required userspace tools (if they are not included in your
12016d825fSJohn Johansen	  distribution) and further information may be found at
13016d825fSJohn Johansen	  http://apparmor.wiki.kernel.org
14016d825fSJohn Johansen
15016d825fSJohn Johansen	  If you are unsure how to answer this question, answer N.
16016d825fSJohn Johansen
17016d825fSJohn Johansenconfig SECURITY_APPARMOR_BOOTPARAM_VALUE
18016d825fSJohn Johansen	int "AppArmor boot parameter default value"
19016d825fSJohn Johansen	depends on SECURITY_APPARMOR
20016d825fSJohn Johansen	range 0 1
21016d825fSJohn Johansen	default 1
22016d825fSJohn Johansen	help
23016d825fSJohn Johansen	  This option sets the default value for the kernel parameter
24016d825fSJohn Johansen	  'apparmor', which allows AppArmor to be enabled or disabled
25016d825fSJohn Johansen          at boot.  If this option is set to 0 (zero), the AppArmor
26016d825fSJohn Johansen	  kernel parameter will default to 0, disabling AppArmor at
27016d825fSJohn Johansen	  boot.  If this option is set to 1 (one), the AppArmor
28016d825fSJohn Johansen	  kernel parameter will default to 1, enabling AppArmor at
29016d825fSJohn Johansen	  boot.
30016d825fSJohn Johansen
31016d825fSJohn Johansen	  If you are unsure how to answer this question, answer 1.
32*f8eb8a13SJohn Johansen
33*f8eb8a13SJohn Johansenconfig SECURITY_APPARMOR_HASH
34*f8eb8a13SJohn Johansen	bool "SHA1 hash of loaded profiles"
35*f8eb8a13SJohn Johansen	depends on SECURITY_APPARMOR
36*f8eb8a13SJohn Johansen	depends on CRYPTO
37*f8eb8a13SJohn Johansen	select CRYPTO_SHA1
38*f8eb8a13SJohn Johansen	default y
39*f8eb8a13SJohn Johansen
40*f8eb8a13SJohn Johansen	help
41*f8eb8a13SJohn Johansen	  This option selects whether sha1 hashing is done against loaded
42*f8eb8a13SJohn Johansen          profiles and exported for inspection to user space via the apparmor
43*f8eb8a13SJohn Johansen          filesystem.
44