1config SECURITY_APPARMOR 2 bool "AppArmor support" 3 depends on SECURITY && NET 4 select AUDIT 5 select SECURITY_PATH 6 select SECURITYFS 7 select SECURITY_NETWORK 8 default n 9 help 10 This enables the AppArmor security module. 11 Required userspace tools (if they are not included in your 12 distribution) and further information may be found at 13 http://apparmor.wiki.kernel.org 14 15 If you are unsure how to answer this question, answer N. 16 17config SECURITY_APPARMOR_BOOTPARAM_VALUE 18 int "AppArmor boot parameter default value" 19 depends on SECURITY_APPARMOR 20 range 0 1 21 default 1 22 help 23 This option sets the default value for the kernel parameter 24 'apparmor', which allows AppArmor to be enabled or disabled 25 at boot. If this option is set to 0 (zero), the AppArmor 26 kernel parameter will default to 0, disabling AppArmor at 27 boot. If this option is set to 1 (one), the AppArmor 28 kernel parameter will default to 1, enabling AppArmor at 29 boot. 30 31 If you are unsure how to answer this question, answer 1. 32 33config SECURITY_APPARMOR_HASH 34 bool "Enable introspection of sha1 hashes for loaded profiles" 35 depends on SECURITY_APPARMOR 36 select CRYPTO 37 select CRYPTO_SHA1 38 default y 39 40 help 41 This option selects whether introspection of loaded policy 42 is available to userspace via the apparmor filesystem. 43 44config SECURITY_APPARMOR_HASH_DEFAULT 45 bool "Enable policy hash introspection by default" 46 depends on SECURITY_APPARMOR_HASH 47 default y 48 49 help 50 This option selects whether sha1 hashing of loaded policy 51 is enabled by default. The generation of sha1 hashes for 52 loaded policy provide system administrators a quick way 53 to verify that policy in the kernel matches what is expected, 54 however it can slow down policy load on some devices. In 55 these cases policy hashing can be disabled by default and 56 enabled only if needed. 57