~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/apparmor/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/apparmor/Kconfig (Version linux-6.12-rc7) and /security/apparmor/Kconfig (Version linux-5.18.19)


  1 # SPDX-License-Identifier: GPL-2.0-only             1 # SPDX-License-Identifier: GPL-2.0-only
  2 config SECURITY_APPARMOR                            2 config SECURITY_APPARMOR
  3         bool "AppArmor support"                     3         bool "AppArmor support"
  4         depends on SECURITY && NET                  4         depends on SECURITY && NET
  5         select AUDIT                                5         select AUDIT
  6         select SECURITY_PATH                        6         select SECURITY_PATH
  7         select SECURITYFS                           7         select SECURITYFS
  8         select SECURITY_NETWORK                     8         select SECURITY_NETWORK
                                                   >>   9         select ZLIB_INFLATE
                                                   >>  10         select ZLIB_DEFLATE
  9         default n                                  11         default n
 10         help                                       12         help
 11           This enables the AppArmor security m     13           This enables the AppArmor security module.
 12           Required userspace tools (if they ar     14           Required userspace tools (if they are not included in your
 13           distribution) and further informatio     15           distribution) and further information may be found at
 14           http://apparmor.wiki.kernel.org          16           http://apparmor.wiki.kernel.org
 15                                                    17 
 16           If you are unsure how to answer this     18           If you are unsure how to answer this question, answer N.
 17                                                    19 
                                                   >>  20 config SECURITY_APPARMOR_HASH
                                                   >>  21         bool "Enable introspection of sha1 hashes for loaded profiles"
                                                   >>  22         depends on SECURITY_APPARMOR
                                                   >>  23         select CRYPTO
                                                   >>  24         select CRYPTO_SHA1
                                                   >>  25         default y
                                                   >>  26         help
                                                   >>  27           This option selects whether introspection of loaded policy
                                                   >>  28           is available to userspace via the apparmor filesystem.
                                                   >>  29 
                                                   >>  30 config SECURITY_APPARMOR_HASH_DEFAULT
                                                   >>  31        bool "Enable policy hash introspection by default"
                                                   >>  32        depends on SECURITY_APPARMOR_HASH
                                                   >>  33        default y
                                                   >>  34        help
                                                   >>  35          This option selects whether sha1 hashing of loaded policy
                                                   >>  36          is enabled by default. The generation of sha1 hashes for
                                                   >>  37          loaded policy provide system administrators a quick way
                                                   >>  38          to verify that policy in the kernel matches what is expected,
                                                   >>  39          however it can slow down policy load on some devices. In
                                                   >>  40          these cases policy hashing can be disabled by default and
                                                   >>  41          enabled only if needed.
                                                   >>  42 
 18 config SECURITY_APPARMOR_DEBUG                     43 config SECURITY_APPARMOR_DEBUG
 19         bool "Build AppArmor with debug code"      44         bool "Build AppArmor with debug code"
 20         depends on SECURITY_APPARMOR               45         depends on SECURITY_APPARMOR
 21         default n                                  46         default n
 22         help                                       47         help
 23           Build apparmor with debugging logic      48           Build apparmor with debugging logic in apparmor. Not all
 24           debugging logic will necessarily be      49           debugging logic will necessarily be enabled. A submenu will
 25           provide fine grained control of the      50           provide fine grained control of the debug options that are
 26           available.                               51           available.
 27                                                    52 
 28 config SECURITY_APPARMOR_DEBUG_ASSERTS             53 config SECURITY_APPARMOR_DEBUG_ASSERTS
 29         bool "Build AppArmor with debugging as     54         bool "Build AppArmor with debugging asserts"
 30         depends on SECURITY_APPARMOR_DEBUG         55         depends on SECURITY_APPARMOR_DEBUG
 31         default y                                  56         default y
 32         help                                       57         help
 33           Enable code assertions made with AA_     58           Enable code assertions made with AA_BUG. These are primarily
 34           function entry preconditions but als     59           function entry preconditions but also exist at other key
 35           points. If the assert is triggered i     60           points. If the assert is triggered it will trigger a WARN
 36           message.                                 61           message.
 37                                                    62 
 38 config SECURITY_APPARMOR_DEBUG_MESSAGES            63 config SECURITY_APPARMOR_DEBUG_MESSAGES
 39         bool "Debug messages enabled by defaul     64         bool "Debug messages enabled by default"
 40         depends on SECURITY_APPARMOR_DEBUG         65         depends on SECURITY_APPARMOR_DEBUG
 41         default n                                  66         default n
 42         help                                       67         help
 43           Set the default value of the apparmo     68           Set the default value of the apparmor.debug kernel parameter.
 44           When enabled, various debug messages     69           When enabled, various debug messages will be logged to
 45           the kernel message buffer.               70           the kernel message buffer.
 46                                                    71 
 47 config SECURITY_APPARMOR_INTROSPECT_POLICY     << 
 48         bool "Allow loaded policy to be intros << 
 49         depends on SECURITY_APPARMOR           << 
 50         default y                              << 
 51         help                                   << 
 52           This option selects whether introspe << 
 53           is available to userspace via the ap << 
 54           adds to kernel memory usage. It is r << 
 55           of loaded policy, and check point an << 
 56           can be disabled for embedded systems << 
 57           cpu is paramount.                    << 
 58                                                << 
 59 config SECURITY_APPARMOR_HASH                  << 
 60         bool "Enable introspection of sha256 h << 
 61         depends on SECURITY_APPARMOR_INTROSPEC << 
 62         select CRYPTO                          << 
 63         select CRYPTO_SHA256                   << 
 64         default y                              << 
 65         help                                   << 
 66           This option selects whether introspe << 
 67           hashes is available to userspace via << 
 68           filesystem. This option provides a l << 
 69           checking loaded policy.  This option << 
 70           time and can be disabled for small e << 
 71                                                << 
 72 config SECURITY_APPARMOR_HASH_DEFAULT          << 
 73        bool "Enable policy hash introspection  << 
 74        depends on SECURITY_APPARMOR_HASH       << 
 75        default y                               << 
 76        help                                    << 
 77          This option selects whether sha256 ha << 
 78          is enabled by default. The generation << 
 79          loaded policy provide system administ << 
 80          verify that policy in the kernel matc << 
 81          however it can slow down policy load  << 
 82          these cases policy hashing can be dis << 
 83          enabled only if needed.               << 
 84                                                << 
 85 config SECURITY_APPARMOR_EXPORT_BINARY         << 
 86         bool "Allow exporting the raw binary p << 
 87         depends on SECURITY_APPARMOR_INTROSPEC << 
 88         select ZSTD_COMPRESS                   << 
 89         select ZSTD_DECOMPRESS                 << 
 90         default y                              << 
 91         help                                   << 
 92           This option allows reading back bina << 
 93           It increases the amount of kernel me << 
 94           also increases policy load time. Thi << 
 95           checkpoint and restore support, and  << 
 96                                                << 
 97 config SECURITY_APPARMOR_PARANOID_LOAD         << 
 98         bool "Perform full verification of loa << 
 99         depends on SECURITY_APPARMOR           << 
100         default y                              << 
101         help                                   << 
102           This options allows controlling whet << 
103           verification of loaded policy. This  << 
104           except for embedded systems where th << 
105           includes policy, and has some form o << 
106           Disabling the check will speed up po << 
107                                                << 
108 config SECURITY_APPARMOR_KUNIT_TEST                72 config SECURITY_APPARMOR_KUNIT_TEST
109         tristate "Build KUnit tests for policy !!  73         bool "Build KUnit tests for policy_unpack.c" if !KUNIT_ALL_TESTS
110         depends on KUNIT && SECURITY_APPARMOR  !!  74         depends on KUNIT=y && SECURITY_APPARMOR
111         default KUNIT_ALL_TESTS                    75         default KUNIT_ALL_TESTS
112         help                                       76         help
113           This builds the AppArmor KUnit tests     77           This builds the AppArmor KUnit tests.
114                                                    78 
115           KUnit tests run during boot and outp     79           KUnit tests run during boot and output the results to the debug log
116           in TAP format (https://testanything.     80           in TAP format (https://testanything.org/). Only useful for kernel devs
117           running KUnit test harness and are n     81           running KUnit test harness and are not for inclusion into a
118           production build.                        82           production build.
119                                                    83 
120           For more information on KUnit and un     84           For more information on KUnit and unit tests in general please refer
121           to the KUnit documentation in Docume     85           to the KUnit documentation in Documentation/dev-tools/kunit/.
122                                                    86 
123           If unsure, say N.                        87           If unsure, say N.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php