Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
		
			
				
	
	
		
		
	
	
	
	
	
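# Master switch for the AppArmor security module. Enabling it force-selects
# AUDIT, SECURITY_PATH, SECURITYFS and SECURITY_NETWORK, and it is off by
# default.
config SECURITY_APPARMOR
	bool "AppArmor support"
	depends on SECURITY && NET
	select AUDIT
	select SECURITY_PATH
	select SECURITYFS
	select SECURITY_NETWORK
	default n
	help
	  This enables the AppArmor security module.
	  Required userspace tools (if they are not included in your
	  distribution) and further information may be found at
	  http://apparmor.wiki.kernel.org

	  If you are unsure how to answer this question, answer N.
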
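# Build-time default for the 'apparmor' kernel parameter (0 or 1 only).
# This sets the default, not a lock: per the help text the parameter itself
# enables or disables AppArmor at boot, so a system that must stay confined
# also needs its kernel command line protected from modification.
config SECURITY_APPARMOR_BOOTPARAM_VALUE
	int "AppArmor boot parameter default value"
	depends on SECURITY_APPARMOR
	range 0 1
	default 1
	help
	  This option sets the default value for the kernel parameter
	  'apparmor', which allows AppArmor to be enabled or disabled
	  at boot.  If this option is set to 0 (zero), the AppArmor
	  kernel parameter will default to 0, disabling AppArmor at
	  boot.  If this option is set to 1 (one), the AppArmor
	  kernel parameter will default to 1, enabling AppArmor at
	  boot.

	  If you are unsure how to answer this question, answer 1.
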
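# Computes a SHA1 digest of each loaded profile and exports it through the
# apparmor filesystem for userspace inspection. Needs CRYPTO and pulls in
# CRYPTO_SHA1; enabled by default once AppArmor is enabled.
# NOTE(review): SHA-1 is not collision resistant. Treat the exported value
# as an identifier for comparing loaded policy, not as an integrity
# guarantee when profile contents may come from an untrusted author.
# Which users can read the exported hash is not visible here; confirm
# against the apparmor filesystem code.
config SECURITY_APPARMOR_HASH
	bool "SHA1 hash of loaded profiles"
	depends on SECURITY_APPARMOR
	depends on CRYPTO
	select CRYPTO_SHA1
	default y
	help
	  This option selects whether sha1 hashing is done against loaded
	  profiles and exported for inspection to user space via the apparmor
	  filesystem.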