security/apparmor/Kconfig

   1 config SECURITY_APPARMOR
   2         bool "AppArmor support"
   3         depends on SECURITY && NET
   4         select AUDIT
   5         select SECURITY_PATH
   6         select SECURITYFS
   7         select SECURITY_NETWORK
   8         default n
   9         help
  10           This enables the AppArmor security module.
  11           Required userspace tools (if they are not included in your
  12           distribution) and further information may be found at
  13           http://apparmor.wiki.kernel.org
  14
  15           If you are unsure how to answer this question, answer N.
  16
  17 config SECURITY_APPARMOR_BOOTPARAM_VALUE
  18         int "AppArmor boot parameter default value"
  19         depends on SECURITY_APPARMOR
  20         range 0 1
  21         default 1
  22         help
  23           This option sets the default value for the kernel parameter
  24           'apparmor', which allows AppArmor to be enabled or disabled
  25           at boot.  If this option is set to 0 (zero), the AppArmor
  26           kernel parameter will default to 0, disabling AppArmor at
  27           boot.  If this option is set to 1 (one), the AppArmor
  28           kernel parameter will default to 1, enabling AppArmor at
  29           boot.
  30
  31           If you are unsure how to answer this question, answer 1.
  32
  33 config SECURITY_APPARMOR_HASH
  34         bool "Enable introspection of sha1 hashes for loaded profiles"
  35         depends on SECURITY_APPARMOR
  36         select CRYPTO
  37         select CRYPTO_SHA1
  38         default y
  39         help
  40           This option selects whether introspection of loaded policy
  41           is available to userspace via the apparmor filesystem.
  42
  43 config SECURITY_APPARMOR_HASH_DEFAULT
  44        bool "Enable policy hash introspection by default"
  45        depends on SECURITY_APPARMOR_HASH
  46        default y
  47        help
  48          This option selects whether sha1 hashing of loaded policy
  49          is enabled by default. The generation of sha1 hashes for
  50          loaded policy provide system administrators a quick way
  51          to verify that policy in the kernel matches what is expected,
  52          however it can slow down policy load on some devices. In
  53          these cases policy hashing can be disabled by default and
  54          enabled only if needed.
  55
  56 config SECURITY_APPARMOR_DEBUG
  57         bool "Build AppArmor with debug code"
  58         depends on SECURITY_APPARMOR
  59         default n
  60         help
  61           Build apparmor with debugging logic in apparmor. Not all
  62           debugging logic will necessarily be enabled. A submenu will
  63           provide fine grained control of the debug options that are
  64           available.
  65
  66 config SECURITY_APPARMOR_DEBUG_ASSERTS
  67         bool "Build AppArmor with debugging asserts"
  68         depends on SECURITY_APPARMOR_DEBUG
  69         default y
  70         help
  71           Enable code assertions made with AA_BUG. These are primarily
  72           function entry preconditions but also exist at other key
  73           points. If the assert is triggered it will trigger a WARN
  74           message.
  75
  76 config SECURITY_APPARMOR_DEBUG_MESSAGES
  77         bool "Debug messages enabled by default"
  78         depends on SECURITY_APPARMOR_DEBUG
  79         default n
  80         help
  81           Set the default value of the apparmor.debug kernel parameter.
  82           When enabled, various debug messages will be logged to
  83           the kernel message buffer.