1 config SECURITY_APPARMOR
2 bool "AppArmor support"
3 depends on SECURITY && NET
7 select SECURITY_NETWORK
12 This enables the AppArmor security module.
13 Required userspace tools (if they are not included in your
14 distribution) and further information may be found at
15 http://apparmor.wiki.kernel.org
17 If you are unsure how to answer this question, answer N.
19 config SECURITY_APPARMOR_HASH
20 bool "Enable introspection of sha1 hashes for loaded profiles"
21 depends on SECURITY_APPARMOR
26 This option selects whether introspection of loaded policy
27 is available to userspace via the apparmor filesystem.
29 config SECURITY_APPARMOR_HASH_DEFAULT
30 bool "Enable policy hash introspection by default"
31 depends on SECURITY_APPARMOR_HASH
34 This option selects whether sha1 hashing of loaded policy
35 is enabled by default. The generation of sha1 hashes for
36 loaded policy provide system administrators a quick way
37 to verify that policy in the kernel matches what is expected,
38 however it can slow down policy load on some devices. In
39 these cases policy hashing can be disabled by default and
40 enabled only if needed.
42 config SECURITY_APPARMOR_DEBUG
43 bool "Build AppArmor with debug code"
44 depends on SECURITY_APPARMOR
47 Build apparmor with debugging logic in apparmor. Not all
48 debugging logic will necessarily be enabled. A submenu will
49 provide fine grained control of the debug options that are
52 config SECURITY_APPARMOR_DEBUG_ASSERTS
53 bool "Build AppArmor with debugging asserts"
54 depends on SECURITY_APPARMOR_DEBUG
57 Enable code assertions made with AA_BUG. These are primarily
58 function entry preconditions but also exist at other key
59 points. If the assert is triggered it will trigger a WARN
62 config SECURITY_APPARMOR_DEBUG_MESSAGES
63 bool "Debug messages enabled by default"
64 depends on SECURITY_APPARMOR_DEBUG
67 Set the default value of the apparmor.debug kernel parameter.
68 When enabled, various debug messages will be logged to
69 the kernel message buffer.