If you are unsure how to answer this question, answer 1.
+config SECURITY_APPARMOR_STATS
+ bool "enable debug statistics"
+ depends on SECURITY_APPARMOR
+ select APPARMOR_LABEL_STATS
+ default n
+ help
+ This enables keeping statistics on various internal structures
+ and functions in apparmor.
+
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_APPARMOR_UNCONFINED_INIT
+ bool "Set init to unconfined on boot"
+ depends on SECURITY_APPARMOR
+ default y
+ help
+ This option determines policy behavior during early boot by
+ placing the init process in the unconfined state, or the
+ 'default' profile.
+
+ This option determines policy behavior during early boot by
+ placing the init process in the unconfined state, or the
+ 'default' profile.
+
+ 'Y' means init and its children are not confined, unless the
+ init process is re-execed after a policy load; loaded policy
+ will only apply to processes started after the load.
+
+ 'N' means init and its children are confined in a profile
+ named 'default', which can be replaced later and thus
+ provide for confinement for processes started early at boot,
+ though not confined during early boot.
+
+ If you are unsure how to answer this question, answer Y.
+
config SECURITY_APPARMOR_HASH
bool "Enable introspection of sha1 hashes for loaded profiles"
depends on SECURITY_APPARMOR
is available to userspace via the apparmor filesystem.
config SECURITY_APPARMOR_HASH_DEFAULT
- bool "Enable policy hash introspection by default"
- depends on SECURITY_APPARMOR_HASH
- default y
-
- help
- This option selects whether sha1 hashing of loaded policy
- is enabled by default. The generation of sha1 hashes for
- loaded policy provide system administrators a quick way
- to verify that policy in the kernel matches what is expected,
- however it can slow down policy load on some devices. In
- these cases policy hashing can be disabled by default and
- enabled only if needed.
+ bool "Enable policy hash introspection by default"
+ depends on SECURITY_APPARMOR_HASH
+ default y
+
+ help
+ This option selects whether sha1 hashing of loaded policy
+ is enabled by default. The generation of sha1 hashes for
+ loaded policy provide system administrators a quick way
+ to verify that policy in the kernel matches what is expected,
+ however it can slow down policy load on some devices. In
+ these cases policy hashing can be disabled by default and
+ enabled only if needed.