~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/apparmor/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/apparmor/Kconfig (Version linux-6.12-rc7) and /security/apparmor/Kconfig (Version linux-4.20.17)


  1 # SPDX-License-Identifier: GPL-2.0-only        << 
  2 config SECURITY_APPARMOR                            1 config SECURITY_APPARMOR
  3         bool "AppArmor support"                     2         bool "AppArmor support"
  4         depends on SECURITY && NET                  3         depends on SECURITY && NET
  5         select AUDIT                                4         select AUDIT
  6         select SECURITY_PATH                        5         select SECURITY_PATH
  7         select SECURITYFS                           6         select SECURITYFS
  8         select SECURITY_NETWORK                     7         select SECURITY_NETWORK
  9         default n                                   8         default n
 10         help                                        9         help
 11           This enables the AppArmor security m     10           This enables the AppArmor security module.
 12           Required userspace tools (if they ar     11           Required userspace tools (if they are not included in your
 13           distribution) and further informatio     12           distribution) and further information may be found at
 14           http://apparmor.wiki.kernel.org          13           http://apparmor.wiki.kernel.org
 15                                                    14 
 16           If you are unsure how to answer this     15           If you are unsure how to answer this question, answer N.
 17                                                    16 
                                                   >>  17 config SECURITY_APPARMOR_BOOTPARAM_VALUE
                                                   >>  18         int "AppArmor boot parameter default value"
                                                   >>  19         depends on SECURITY_APPARMOR
                                                   >>  20         range 0 1
                                                   >>  21         default 1
                                                   >>  22         help
                                                   >>  23           This option sets the default value for the kernel parameter
                                                   >>  24           'apparmor', which allows AppArmor to be enabled or disabled
                                                   >>  25           at boot.  If this option is set to 0 (zero), the AppArmor
                                                   >>  26           kernel parameter will default to 0, disabling AppArmor at
                                                   >>  27           boot.  If this option is set to 1 (one), the AppArmor
                                                   >>  28           kernel parameter will default to 1, enabling AppArmor at
                                                   >>  29           boot.
                                                   >>  30 
                                                   >>  31           If you are unsure how to answer this question, answer 1.
                                                   >>  32 
                                                   >>  33 config SECURITY_APPARMOR_HASH
                                                   >>  34         bool "Enable introspection of sha1 hashes for loaded profiles"
                                                   >>  35         depends on SECURITY_APPARMOR
                                                   >>  36         select CRYPTO
                                                   >>  37         select CRYPTO_SHA1
                                                   >>  38         default y
                                                   >>  39         help
                                                   >>  40           This option selects whether introspection of loaded policy
                                                   >>  41           is available to userspace via the apparmor filesystem.
                                                   >>  42 
                                                   >>  43 config SECURITY_APPARMOR_HASH_DEFAULT
                                                   >>  44        bool "Enable policy hash introspection by default"
                                                   >>  45        depends on SECURITY_APPARMOR_HASH
                                                   >>  46        default y
                                                   >>  47        help
                                                   >>  48          This option selects whether sha1 hashing of loaded policy
                                                   >>  49          is enabled by default. The generation of sha1 hashes for
                                                   >>  50          loaded policy provide system administrators a quick way
                                                   >>  51          to verify that policy in the kernel matches what is expected,
                                                   >>  52          however it can slow down policy load on some devices. In
                                                   >>  53          these cases policy hashing can be disabled by default and
                                                   >>  54          enabled only if needed.
                                                   >>  55 
 18 config SECURITY_APPARMOR_DEBUG                     56 config SECURITY_APPARMOR_DEBUG
 19         bool "Build AppArmor with debug code"      57         bool "Build AppArmor with debug code"
 20         depends on SECURITY_APPARMOR               58         depends on SECURITY_APPARMOR
 21         default n                                  59         default n
 22         help                                       60         help
 23           Build apparmor with debugging logic      61           Build apparmor with debugging logic in apparmor. Not all
 24           debugging logic will necessarily be      62           debugging logic will necessarily be enabled. A submenu will
 25           provide fine grained control of the      63           provide fine grained control of the debug options that are
 26           available.                               64           available.
 27                                                    65 
 28 config SECURITY_APPARMOR_DEBUG_ASSERTS             66 config SECURITY_APPARMOR_DEBUG_ASSERTS
 29         bool "Build AppArmor with debugging as     67         bool "Build AppArmor with debugging asserts"
 30         depends on SECURITY_APPARMOR_DEBUG         68         depends on SECURITY_APPARMOR_DEBUG
 31         default y                                  69         default y
 32         help                                       70         help
 33           Enable code assertions made with AA_     71           Enable code assertions made with AA_BUG. These are primarily
 34           function entry preconditions but als     72           function entry preconditions but also exist at other key
 35           points. If the assert is triggered i     73           points. If the assert is triggered it will trigger a WARN
 36           message.                                 74           message.
 37                                                    75 
 38 config SECURITY_APPARMOR_DEBUG_MESSAGES            76 config SECURITY_APPARMOR_DEBUG_MESSAGES
 39         bool "Debug messages enabled by defaul     77         bool "Debug messages enabled by default"
 40         depends on SECURITY_APPARMOR_DEBUG         78         depends on SECURITY_APPARMOR_DEBUG
 41         default n                                  79         default n
 42         help                                       80         help
 43           Set the default value of the apparmo     81           Set the default value of the apparmor.debug kernel parameter.
 44           When enabled, various debug messages     82           When enabled, various debug messages will be logged to
 45           the kernel message buffer.               83           the kernel message buffer.
 46                                                << 
 47 config SECURITY_APPARMOR_INTROSPECT_POLICY     << 
 48         bool "Allow loaded policy to be intros << 
 49         depends on SECURITY_APPARMOR           << 
 50         default y                              << 
 51         help                                   << 
 52           This option selects whether introspe << 
 53           is available to userspace via the ap << 
 54           adds to kernel memory usage. It is r << 
 55           of loaded policy, and check point an << 
 56           can be disabled for embedded systems << 
 57           cpu is paramount.                    << 
 58                                                << 
 59 config SECURITY_APPARMOR_HASH                  << 
 60         bool "Enable introspection of sha256 h << 
 61         depends on SECURITY_APPARMOR_INTROSPEC << 
 62         select CRYPTO                          << 
 63         select CRYPTO_SHA256                   << 
 64         default y                              << 
 65         help                                   << 
 66           This option selects whether introspe << 
 67           hashes is available to userspace via << 
 68           filesystem. This option provides a l << 
 69           checking loaded policy.  This option << 
 70           time and can be disabled for small e << 
 71                                                << 
 72 config SECURITY_APPARMOR_HASH_DEFAULT          << 
 73        bool "Enable policy hash introspection  << 
 74        depends on SECURITY_APPARMOR_HASH       << 
 75        default y                               << 
 76        help                                    << 
 77          This option selects whether sha256 ha << 
 78          is enabled by default. The generation << 
 79          loaded policy provide system administ << 
 80          verify that policy in the kernel matc << 
 81          however it can slow down policy load  << 
 82          these cases policy hashing can be dis << 
 83          enabled only if needed.               << 
 84                                                << 
 85 config SECURITY_APPARMOR_EXPORT_BINARY         << 
 86         bool "Allow exporting the raw binary p << 
 87         depends on SECURITY_APPARMOR_INTROSPEC << 
 88         select ZSTD_COMPRESS                   << 
 89         select ZSTD_DECOMPRESS                 << 
 90         default y                              << 
 91         help                                   << 
 92           This option allows reading back bina << 
 93           It increases the amount of kernel me << 
 94           also increases policy load time. Thi << 
 95           checkpoint and restore support, and  << 
 96                                                << 
 97 config SECURITY_APPARMOR_PARANOID_LOAD         << 
 98         bool "Perform full verification of loa << 
 99         depends on SECURITY_APPARMOR           << 
100         default y                              << 
101         help                                   << 
102           This options allows controlling whet << 
103           verification of loaded policy. This  << 
104           except for embedded systems where th << 
105           includes policy, and has some form o << 
106           Disabling the check will speed up po << 
107                                                << 
108 config SECURITY_APPARMOR_KUNIT_TEST            << 
109         tristate "Build KUnit tests for policy << 
110         depends on KUNIT && SECURITY_APPARMOR  << 
111         default KUNIT_ALL_TESTS                << 
112         help                                   << 
113           This builds the AppArmor KUnit tests << 
114                                                << 
115           KUnit tests run during boot and outp << 
116           in TAP format (https://testanything. << 
117           running KUnit test harness and are n << 
118           production build.                    << 
119                                                << 
120           For more information on KUnit and un << 
121           to the KUnit documentation in Docume << 
122                                                << 
123           If unsure, say N.                    << 
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php