forge/linux-pinenote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-pinenote/security/apparmor/Kconfig

44 lines
1.3 KiB
Text
Raw Normal View History

AppArmor: Enable configuring and building of the AppArmor security module Kconfig and Makefiles to enable configuration and building of AppArmor. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-07-30 13:46:33 +10:00
config SECURITY_APPARMOR
bool "AppArmor support"
apparmor: depends on NET SECURITY_APPARMOR should depend on NET since AUDIT needs (depends on) NET. Fixes 70-80 errors that occur when CONFIG_NET is not enabled, but APPARMOR selects AUDIT without qualification. E.g.: audit.c:(.text+0x33361): undefined reference to `netlink_unicast' (.text+0x333df): undefined reference to `netlink_unicast' audit.c:(.text+0x3341d): undefined reference to `skb_queue_tail' audit.c:(.text+0x33424): undefined reference to `kfree_skb' audit.c:(.text+0x334cb): undefined reference to `kfree_skb' audit.c:(.text+0x33597): undefined reference to `skb_put' audit.c:(.text+0x3369b): undefined reference to `__alloc_skb' audit.c:(.text+0x336d7): undefined reference to `kfree_skb' (.text+0x3374c): undefined reference to `__alloc_skb' auditfilter.c:(.text+0x35305): undefined reference to `skb_queue_tail' lsm_audit.c:(.text+0x2873): undefined reference to `init_net' lsm_audit.c:(.text+0x2878): undefined reference to `dev_get_by_index' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-08-02 10:52:18 -07:00
depends on SECURITY && NET
AppArmor: Enable configuring and building of the AppArmor security module Kconfig and Makefiles to enable configuration and building of AppArmor. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2010-07-30 13:46:33 +10:00
select AUDIT
select SECURITY_PATH
select SECURITYFS
select SECURITY_NETWORK
default n
help
This enables the AppArmor security module.
Required userspace tools (if they are not included in your
distribution) and further information may be found at
http://apparmor.wiki.kernel.org
If you are unsure how to answer this question, answer N.
config SECURITY_APPARMOR_BOOTPARAM_VALUE
int "AppArmor boot parameter default value"
depends on SECURITY_APPARMOR
range 0 1
default 1
help
This option sets the default value for the kernel parameter
'apparmor', which allows AppArmor to be enabled or disabled
at boot. If this option is set to 0 (zero), the AppArmor
kernel parameter will default to 0, disabling AppArmor at
boot. If this option is set to 1 (one), the AppArmor
kernel parameter will default to 1, enabling AppArmor at
boot.
If you are unsure how to answer this question, answer 1.
apparmor: add the ability to report a sha1 hash of loaded policy Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-08-14 11:27:36 -07:00
config SECURITY_APPARMOR_HASH
bool "SHA1 hash of loaded profiles"
depends on SECURITY_APPARMOR
depends on CRYPTO
select CRYPTO_SHA1
default y
help
This option selects whether sha1 hashing is done against loaded
profiles and exported for inspection to user space via the apparmor
filesystem.
Reference in a new issue Copy permalink