Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

Open Menu /security/apparmor/Kconfig 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# SPDX-License-Identifier: GPL-2.0-only
config CONFIG_SECURITY_APPARMOR
	bool "AppArmor support"
	depends on CONFIG_SECURITY && CONFIG_NET
	select CONFIG_AUDIT
	select CONFIG_SECURITY_PATH
	select CONFIG_SECURITYFS
	select CONFIG_SECURITY_NETWORK
	default n
	help
	  This enables the AppArmor security module.
	  Required userspace tools (if they are not included in your
	  distribution) and further information may be found at
	  http://apparmor.wiki.kernel.org

	  If you are unsure how to answer this question, answer N.

config CONFIG_SECURITY_APPARMOR_HASH
	bool "Enable introspection of sha1 hashes for loaded profiles"
	depends on CONFIG_SECURITY_APPARMOR
	select CONFIG_CRYPTO
	select CONFIG_CRYPTO_SHA1
	default y
	help
	  This option selects whether introspection of loaded policy
	  is available to userspace via the apparmor filesystem.

config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT
       bool "Enable policy hash introspection by default"
       depends on CONFIG_SECURITY_APPARMOR_HASH
       default y
       help
         This option selects whether sha1 hashing of loaded policy
	 is enabled by default. The generation of sha1 hashes for
	 loaded policy provide system administrators a quick way
	 to verify that policy in the kernel matches what is expected,
	 however it can slow down policy load on some devices. In
	 these cases policy hashing can be disabled by default and
	 enabled only if needed.

config CONFIG_SECURITY_APPARMOR_DEBUG
	bool "Build AppArmor with debug code"
	depends on CONFIG_SECURITY_APPARMOR
	default n
	help
	  Build apparmor with debugging logic in apparmor. Not all
	  debugging logic will necessarily be enabled. CONFIG_A submenu will
	  provide fine grained control of the debug options that are
	  available.

config CONFIG_SECURITY_APPARMOR_DEBUG_ASSERTS
	bool "Build AppArmor with debugging asserts"
	depends on CONFIG_SECURITY_APPARMOR_DEBUG
	default y
	help
	  Enable code assertions made with AA_BUG. These are primarily
	  function entry preconditions but also exist at other key
	  points. If the assert is triggered it will trigger a WARN
	  message.

config CONFIG_SECURITY_APPARMOR_DEBUG_MESSAGES
	bool "Debug messages enabled by default"
	depends on CONFIG_SECURITY_APPARMOR_DEBUG
	default n
	help
	  Set the default value of the apparmor.debug kernel parameter.
	  When enabled, various debug messages will be logged to
	  the kernel message buffer.