config SECURITY_APPARMOR
	bool "AppArmor support"
	depends on SECURITY && NET
	select AUDIT
	select SECURITY_PATH
	select SECURITYFS
	select SECURITY_NETWORK
	select ZLIB_INFLATE
	select ZLIB_DEFLATE
	default n
	help
	  This enables the AppArmor security module.
	  Required userspace tools (if they are not included in your
	  distribution) and further information may be found at
	  http://apparmor.wiki.kernel.org

	  If you are unsure how to answer this question, answer N.

config SECURITY_APPARMOR_HASH
	bool "Enable introspection of sha1 hashes for loaded profiles"
	depends on SECURITY_APPARMOR
	select CRYPTO
	select CRYPTO_SHA1
	default y
	help
	  This option selects whether introspection of loaded policy
	  is available to userspace via the apparmor filesystem.

config SECURITY_APPARMOR_HASH_DEFAULT
	bool "Enable policy hash introspection by default"
	depends on SECURITY_APPARMOR_HASH
	default y
	help
	  This option selects whether sha1 hashing of loaded policy
	  is enabled by default. The generation of sha1 hashes for
	  loaded policy provides system administrators a quick way
	  to verify that policy in the kernel matches what is expected,
	  however it can slow down policy load on some devices. In
	  these cases policy hashing can be disabled by default and
	  enabled only if needed.

config SECURITY_APPARMOR_DEBUG
	bool "Build AppArmor with debug code"
	depends on SECURITY_APPARMOR
	default n
	help
	  Build apparmor with debugging logic in apparmor. Not all
	  debugging logic will necessarily be enabled. A submenu will
	  provide fine grained control of the debug options that are
	  available.

config SECURITY_APPARMOR_DEBUG_ASSERTS
	bool "Build AppArmor with debugging asserts"
	depends on SECURITY_APPARMOR_DEBUG
	default y
	help
	  Enable code assertions made with AA_BUG. These are primarily
	  function entry preconditions but also exist at other key
	  points. If the assert is triggered it will trigger a WARN
	  message.

config SECURITY_APPARMOR_DEBUG_MESSAGES
	bool "Debug messages enabled by default"
	depends on SECURITY_APPARMOR_DEBUG
	default n
	help
	  Set the default value of the apparmor.debug kernel parameter.
	  When enabled, various debug messages will be logged to
	  the kernel message buffer.