summaryrefslogtreecommitdiff
path: root/security/apparmor/Kconfig
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2015-08-05 17:04:01 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2015-08-05 17:04:01 -0300
commit57f0f512b273f60d52568b8c6b77e17f5636edc0 (patch)
tree5e910f0e82173f4ef4f51111366a3f1299037a7b /security/apparmor/Kconfig
Initial import
Diffstat (limited to 'security/apparmor/Kconfig')
-rw-r--r--security/apparmor/Kconfig43
1 files changed, 43 insertions, 0 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
new file mode 100644
index 000000000..d49c53960
--- /dev/null
+++ b/security/apparmor/Kconfig
@@ -0,0 +1,43 @@
+config SECURITY_APPARMOR
+ bool "AppArmor support"
+ depends on SECURITY && NET
+ select AUDIT
+ select SECURITY_PATH
+ select SECURITYFS
+ select SECURITY_NETWORK
+ default n
+ help
+ This enables the AppArmor security module.
+ Required userspace tools (if they are not included in your
+ distribution) and further information may be found at
+ http://apparmor.wiki.kernel.org
+
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_APPARMOR_BOOTPARAM_VALUE
+ int "AppArmor boot parameter default value"
+ depends on SECURITY_APPARMOR
+ range 0 1
+ default 1
+ help
+ This option sets the default value for the kernel parameter
+ 'apparmor', which allows AppArmor to be enabled or disabled
+ at boot. If this option is set to 0 (zero), the AppArmor
+ kernel parameter will default to 0, disabling AppArmor at
+ boot. If this option is set to 1 (one), the AppArmor
+ kernel parameter will default to 1, enabling AppArmor at
+ boot.
+
+ If you are unsure how to answer this question, answer 1.
+
+config SECURITY_APPARMOR_HASH
+ bool "SHA1 hash of loaded profiles"
+ depends on SECURITY_APPARMOR
+ depends on CRYPTO
+ select CRYPTO_SHA1
+ default y
+
+ help
+ This option selects whether sha1 hashing is done against loaded
+ profiles and exported for inspection to user space via the apparmor
+ filesystem.