| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- config SECURITY_APPARMOR
- bool "AppArmor support"
- depends on SECURITY && NET
- select AUDIT
- select SECURITY_PATH
- select SECURITYFS
- select SECURITY_NETWORK
- default n
- help
- This enables the AppArmor security module.
- Required userspace tools (if they are not included in your
- distribution) and further information may be found at
- http://apparmor.wiki.kernel.org
- If you are unsure how to answer this question, answer N.
- config SECURITY_APPARMOR_BOOTPARAM_VALUE
- int "AppArmor boot parameter default value"
- depends on SECURITY_APPARMOR
- range 0 1
- default 1
- help
- This option sets the default value for the kernel parameter
- 'apparmor', which allows AppArmor to be enabled or disabled
- at boot. If this option is set to 0 (zero), the AppArmor
- kernel parameter will default to 0, disabling AppArmor at
- boot. If this option is set to 1 (one), the AppArmor
- kernel parameter will default to 1, enabling AppArmor at
- boot.
- If you are unsure how to answer this question, answer 1.
- config SECURITY_APPARMOR_HASH
- bool "Enable introspection of sha1 hashes for loaded profiles"
- depends on SECURITY_APPARMOR
- select CRYPTO
- select CRYPTO_SHA1
- default y
- help
- This option selects whether introspection of loaded policy
- is available to userspace via the apparmor filesystem.
- config SECURITY_APPARMOR_HASH_DEFAULT
- bool "Enable policy hash introspection by default"
- depends on SECURITY_APPARMOR_HASH
- default y
- help
- This option selects whether sha1 hashing of loaded policy
- is enabled by default. The generation of sha1 hashes for
- loaded policy provide system administrators a quick way
- to verify that policy in the kernel matches what is expected,
- however it can slow down policy load on some devices. In
- these cases policy hashing can be disabled by default and
- enabled only if needed.
|
