TononixOS/ubports_kernel_google_msm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
1287fc5333faf5074b206161eede39af7eb8d3ad
ubports_kernel_google_msm/security/apparmor/Kconfig
John Johansen 1287fc5333 UBUNTU: SAUCE: (no-up) apparmor: Sync to apparmor3 - RC1 snapshot 
This is a sync and squash to the apparmor 3 RC 1 development snapshot.
The set of patches in this squash are available at the apparmor-3.RC1
tag in git://kernel.ubuntu.com/jj/ubuntu-utopic.git.

This cleans up several functions over the alpha6 sync, and includes
multiple bug fixes. In addition it picks up
- new network mediation
- fine grained mediation of all unix socket types

In addition to the apparmor 3 RC 1 sync this contains the backport patch
series for the 3.4 goldfish kernel
- apparmor: 3.4 backport alias file_open 83d49856
- apparmor: 3.4 backport fake no_new_privs 259e5e6c
- apparmor: 3.4 backport cap_mmap_addr d007794a
- apparmor: 3.4 backport revert file_mmap e5467859
- apparmor: 3.5 backport dentry_open params 765927b2
- apparmor: 3.6 backport provide replace_fd 8280d161
- apparmor: 3.6 backport provide iterate_fd c3c073f8
- apparmor: 3.6 backport remove const from sb_mount 808d4e3c
- apparmor: 3.6 backport kuid_t support for audit 2db81452
- apparmor: 3.6 backport define kuid_t d2b31ca64
- apparmor: 3.6 backport revert uapi for resnames 8a1ab315
- apparmor: 3.6 backport revert uapi for capnames 43c422ed
- apparmor: 3.8 backport provide file_inode helper 496ad9aa
- apparmor: 3.10 backport revert no delay vfree()
- apparmor: 3.11 backport revert module/lsm: Have apparm 5265fc62
- apparmor: 3.12 backport mtd: Move major number f83c3838
- apparmor: 3.15 backport revert nick kvfree() from apparmor
- apparmor: backport setup base backport files

BugLink: http://bugs.launchpad.net/bugs/1362199

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
2014-09-19 09:09:26 -06:00

79 lines
2.5 KiB
Plaintext
Raw Blame History

config SECURITY_APPARMOR
bool "AppArmor support"
depends on SECURITY && NET
select AUDIT
select SECURITY_PATH
select SECURITYFS
select SECURITY_NETWORK
default n
help
This enables the AppArmor security module.
Required userspace tools (if they are not included in your
distribution) and further information may be found at
http://apparmor.wiki.kernel.org
If you are unsure how to answer this question, answer N.
config SECURITY_APPARMOR_BOOTPARAM_VALUE
int "AppArmor boot parameter default value"
depends on SECURITY_APPARMOR
range 0 1
default 1
help
This option sets the default value for the kernel parameter
'apparmor', which allows AppArmor to be enabled or disabled
at boot. If this option is set to 0 (zero), the AppArmor
kernel parameter will default to 0, disabling AppArmor at
boot. If this option is set to 1 (one), the AppArmor
kernel parameter will default to 1, enabling AppArmor at
boot.
If you are unsure how to answer this question, answer 1.
config SECURITY_APPARMOR_STATS
bool "enable debug statistics"
depends on SECURITY_APPARMOR
select APPARMOR_LABEL_STATS
default n
help
This enables keeping statistics on various internal structures
and functions in apparmor.
If you are unsure how to answer this question, answer N.
config SECURITY_APPARMOR_UNCONFINED_INIT
bool "Set init to unconfined on boot"
depends on SECURITY_APPARMOR
default y
help
This option determines policy behavior during early boot by
placing the init process in the unconfined state, or the
'default' profile.
This option determines policy behavior during early boot by
placing the init process in the unconfined state, or the
'default' profile.
'Y' means init and its children are not confined, unless the
init process is re-execed after a policy load; loaded policy
will only apply to processes started after the load.
'N' means init and its children are confined in a profile
named 'default', which can be replaced later and thus
provide for confinement for processes started early at boot,
though not confined during early boot.
If you are unsure how to answer this question, answer Y.
config SECURITY_APPARMOR_HASH
bool "SHA1 hash of loaded profiles"
depends on SECURITY_APPARMOR
depends on CRYPTO
select CRYPTO_SHA1
default y
help
This option selects whether sha1 hashing is done against loaded
profiles and exported for inspection to user space via the apparmor
filesystem.
Reference in New Issue View Git Blame Copy Permalink