~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/apparmor/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/apparmor/Kconfig (Version linux-6.12-rc7) and /security/apparmor/Kconfig (Version linux-5.3.18)


  1 # SPDX-License-Identifier: GPL-2.0-only             1 # SPDX-License-Identifier: GPL-2.0-only
  2 config SECURITY_APPARMOR                            2 config SECURITY_APPARMOR
  3         bool "AppArmor support"                     3         bool "AppArmor support"
  4         depends on SECURITY && NET                  4         depends on SECURITY && NET
  5         select AUDIT                                5         select AUDIT
  6         select SECURITY_PATH                        6         select SECURITY_PATH
  7         select SECURITYFS                           7         select SECURITYFS
  8         select SECURITY_NETWORK                     8         select SECURITY_NETWORK
  9         default n                                   9         default n
 10         help                                       10         help
 11           This enables the AppArmor security m     11           This enables the AppArmor security module.
 12           Required userspace tools (if they ar     12           Required userspace tools (if they are not included in your
 13           distribution) and further informatio     13           distribution) and further information may be found at
 14           http://apparmor.wiki.kernel.org          14           http://apparmor.wiki.kernel.org
 15                                                    15 
 16           If you are unsure how to answer this     16           If you are unsure how to answer this question, answer N.
 17                                                    17 
                                                   >>  18 config SECURITY_APPARMOR_HASH
                                                   >>  19         bool "Enable introspection of sha1 hashes for loaded profiles"
                                                   >>  20         depends on SECURITY_APPARMOR
                                                   >>  21         select CRYPTO
                                                   >>  22         select CRYPTO_SHA1
                                                   >>  23         default y
                                                   >>  24         help
                                                   >>  25           This option selects whether introspection of loaded policy
                                                   >>  26           is available to userspace via the apparmor filesystem.
                                                   >>  27 
                                                   >>  28 config SECURITY_APPARMOR_HASH_DEFAULT
                                                   >>  29        bool "Enable policy hash introspection by default"
                                                   >>  30        depends on SECURITY_APPARMOR_HASH
                                                   >>  31        default y
                                                   >>  32        help
                                                   >>  33          This option selects whether sha1 hashing of loaded policy
                                                   >>  34          is enabled by default. The generation of sha1 hashes for
                                                   >>  35          loaded policy provide system administrators a quick way
                                                   >>  36          to verify that policy in the kernel matches what is expected,
                                                   >>  37          however it can slow down policy load on some devices. In
                                                   >>  38          these cases policy hashing can be disabled by default and
                                                   >>  39          enabled only if needed.
                                                   >>  40 
 18 config SECURITY_APPARMOR_DEBUG                     41 config SECURITY_APPARMOR_DEBUG
 19         bool "Build AppArmor with debug code"      42         bool "Build AppArmor with debug code"
 20         depends on SECURITY_APPARMOR               43         depends on SECURITY_APPARMOR
 21         default n                                  44         default n
 22         help                                       45         help
 23           Build apparmor with debugging logic      46           Build apparmor with debugging logic in apparmor. Not all
 24           debugging logic will necessarily be      47           debugging logic will necessarily be enabled. A submenu will
 25           provide fine grained control of the      48           provide fine grained control of the debug options that are
 26           available.                               49           available.
 27                                                    50 
 28 config SECURITY_APPARMOR_DEBUG_ASSERTS             51 config SECURITY_APPARMOR_DEBUG_ASSERTS
 29         bool "Build AppArmor with debugging as     52         bool "Build AppArmor with debugging asserts"
 30         depends on SECURITY_APPARMOR_DEBUG         53         depends on SECURITY_APPARMOR_DEBUG
 31         default y                                  54         default y
 32         help                                       55         help
 33           Enable code assertions made with AA_     56           Enable code assertions made with AA_BUG. These are primarily
 34           function entry preconditions but als     57           function entry preconditions but also exist at other key
 35           points. If the assert is triggered i     58           points. If the assert is triggered it will trigger a WARN
 36           message.                                 59           message.
 37                                                    60 
 38 config SECURITY_APPARMOR_DEBUG_MESSAGES            61 config SECURITY_APPARMOR_DEBUG_MESSAGES
 39         bool "Debug messages enabled by defaul     62         bool "Debug messages enabled by default"
 40         depends on SECURITY_APPARMOR_DEBUG         63         depends on SECURITY_APPARMOR_DEBUG
 41         default n                                  64         default n
 42         help                                       65         help
 43           Set the default value of the apparmo     66           Set the default value of the apparmor.debug kernel parameter.
 44           When enabled, various debug messages     67           When enabled, various debug messages will be logged to
 45           the kernel message buffer.               68           the kernel message buffer.
 46                                                << 
 47 config SECURITY_APPARMOR_INTROSPECT_POLICY     << 
 48         bool "Allow loaded policy to be intros << 
 49         depends on SECURITY_APPARMOR           << 
 50         default y                              << 
 51         help                                   << 
 52           This option selects whether introspe << 
 53           is available to userspace via the ap << 
 54           adds to kernel memory usage. It is r << 
 55           of loaded policy, and check point an << 
 56           can be disabled for embedded systems << 
 57           cpu is paramount.                    << 
 58                                                << 
 59 config SECURITY_APPARMOR_HASH                  << 
 60         bool "Enable introspection of sha256 h << 
 61         depends on SECURITY_APPARMOR_INTROSPEC << 
 62         select CRYPTO                          << 
 63         select CRYPTO_SHA256                   << 
 64         default y                              << 
 65         help                                   << 
 66           This option selects whether introspe << 
 67           hashes is available to userspace via << 
 68           filesystem. This option provides a l << 
 69           checking loaded policy.  This option << 
 70           time and can be disabled for small e << 
 71                                                << 
 72 config SECURITY_APPARMOR_HASH_DEFAULT          << 
 73        bool "Enable policy hash introspection  << 
 74        depends on SECURITY_APPARMOR_HASH       << 
 75        default y                               << 
 76        help                                    << 
 77          This option selects whether sha256 ha << 
 78          is enabled by default. The generation << 
 79          loaded policy provide system administ << 
 80          verify that policy in the kernel matc << 
 81          however it can slow down policy load  << 
 82          these cases policy hashing can be dis << 
 83          enabled only if needed.               << 
 84                                                << 
 85 config SECURITY_APPARMOR_EXPORT_BINARY         << 
 86         bool "Allow exporting the raw binary p << 
 87         depends on SECURITY_APPARMOR_INTROSPEC << 
 88         select ZSTD_COMPRESS                   << 
 89         select ZSTD_DECOMPRESS                 << 
 90         default y                              << 
 91         help                                   << 
 92           This option allows reading back bina << 
 93           It increases the amount of kernel me << 
 94           also increases policy load time. Thi << 
 95           checkpoint and restore support, and  << 
 96                                                << 
 97 config SECURITY_APPARMOR_PARANOID_LOAD         << 
 98         bool "Perform full verification of loa << 
 99         depends on SECURITY_APPARMOR           << 
100         default y                              << 
101         help                                   << 
102           This options allows controlling whet << 
103           verification of loaded policy. This  << 
104           except for embedded systems where th << 
105           includes policy, and has some form o << 
106           Disabling the check will speed up po << 
107                                                << 
108 config SECURITY_APPARMOR_KUNIT_TEST            << 
109         tristate "Build KUnit tests for policy << 
110         depends on KUNIT && SECURITY_APPARMOR  << 
111         default KUNIT_ALL_TESTS                << 
112         help                                   << 
113           This builds the AppArmor KUnit tests << 
114                                                << 
115           KUnit tests run during boot and outp << 
116           in TAP format (https://testanything. << 
117           running KUnit test harness and are n << 
118           production build.                    << 
119                                                << 
120           For more information on KUnit and un << 
121           to the KUnit documentation in Docume << 
122                                                << 
123           If unsure, say N.                    << 
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php