# SPDX-License-Identifier: GPL-2.0-only
# git blame: every line of this file is attributed to commit 8f3ce5b39 (kx, 2023-10-28 12:00:06 +0300)
config SECURITY_APPARMOR
	bool "AppArmor support"
	depends on SECURITY && NET
	select AUDIT
	select SECURITY_PATH
	select SECURITYFS
	select SECURITY_NETWORK
	select ZLIB_INFLATE
	select ZLIB_DEFLATE
	default n
	help
	  This enables the AppArmor security module.
	  Required userspace tools (if they are not included in your
	  distribution) and further information may be found at
	  http://apparmor.wiki.kernel.org

	  If you are unsure how to answer this question, answer N.

config SECURITY_APPARMOR_HASH
	bool "Enable introspection of sha1 hashes for loaded profiles"
	depends on SECURITY_APPARMOR
	select CRYPTO
	select CRYPTO_SHA1
	default y
	help
	  This option selects whether introspection of loaded policy
	  is available to userspace via the apparmor filesystem.

config SECURITY_APPARMOR_HASH_DEFAULT
	bool "Enable policy hash introspection by default"
	depends on SECURITY_APPARMOR_HASH
	default y
	help
	  This option selects whether sha1 hashing of loaded policy
	  is enabled by default. The generation of sha1 hashes for
	  loaded policy provide system administrators a quick way
	  to verify that policy in the kernel matches what is expected,
	  however it can slow down policy load on some devices. In
	  these cases policy hashing can be disabled by default and
	  enabled only if needed.

config SECURITY_APPARMOR_DEBUG
	bool "Build AppArmor with debug code"
	depends on SECURITY_APPARMOR
	default n
	help
	  Build apparmor with debugging logic in apparmor. Not all
	  debugging logic will necessarily be enabled. A submenu will
	  provide fine grained control of the debug options that are
	  available.

config SECURITY_APPARMOR_DEBUG_ASSERTS
	bool "Build AppArmor with debugging asserts"
	depends on SECURITY_APPARMOR_DEBUG
	default y
	help
	  Enable code assertions made with AA_BUG. These are primarily
	  function entry preconditions but also exist at other key
	  points. If the assert is triggered it will trigger a WARN
	  message.

config SECURITY_APPARMOR_DEBUG_MESSAGES
	bool "Debug messages enabled by default"
	depends on SECURITY_APPARMOR_DEBUG
	default n
	help
	  Set the default value of the apparmor.debug kernel parameter.
	  When enabled, various debug messages will be logged to
	  the kernel message buffer.

config SECURITY_APPARMOR_KUNIT_TEST
	bool "Build KUnit tests for policy_unpack.c" if !KUNIT_ALL_TESTS
	depends on KUNIT=y && SECURITY_APPARMOR
	default KUNIT_ALL_TESTS
	help
	  This builds the AppArmor KUnit tests.

	  KUnit tests run during boot and output the results to the debug log
	  in TAP format (https://testanything.org/). Only useful for kernel devs
	  running KUnit test harness and are not for inclusion into a
	  production build.

	  For more information on KUnit and unit tests in general please refer
	  to the KUnit documentation in Documentation/dev-tools/kunit/.

	  If unsure, say N.
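
An added example, not part of this Kconfig file or the kernel tree: a shell audit of a built kernel's `.config` against the symbols defined above. The function names, the sample `.config` and the production policy it enforces (hash introspection on, debug code and KUnit tests off) are assumptions of the example.

```shell
# Added example: audit a .config against the AppArmor symbols; policy is assumed.
# cfg_val FILE SYMBOL: print the symbol's value; "n" if unset or "is not set".
cfg_val() {
    v=$(sed -n "s/^CONFIG_$2=\(.*\)$/\1/p" "$1" | tail -n 1)
    echo "${v:-n}"
}

# check FILE WANT SYMBOL...: report every symbol whose value is not WANT.
check() {
    f=$1; want=$2; shift 2
    for s in "$@"; do
        [ "$(cfg_val "$f" "$s")" = "$want" ] && continue
        echo "FAIL CONFIG_$s should be $want"
        fails=$((fails + 1))
    done
}

# audit_apparmor_config FILE: print findings; exit status = number of findings.
audit_apparmor_config() {
    fails=0
    check "$1" y SECURITY_APPARMOR
    [ "$fails" -eq 0 ] || return 1   # the other checks need AppArmor built in
    # "depends on" and "select" lines: a consistent .config has all of these.
    check "$1" y SECURITY NET AUDIT SECURITY_PATH SECURITYFS SECURITY_NETWORK
    # Keep loaded-policy hashes readable so policy can be verified.
    check "$1" y SECURITY_APPARMOR_HASH SECURITY_APPARMOR_HASH_DEFAULT
    # Debug code and KUnit tests stay out of production builds.
    check "$1" n SECURITY_APPARMOR_DEBUG SECURITY_APPARMOR_KUNIT_TEST
    return "$fails"
}

# Constructed sample .config fragment (not taken from a real system).
sample_config() {
    cat <<'EOF'
CONFIG_NET=y
CONFIG_AUDIT=y
CONFIG_SECURITY=y
CONFIG_SECURITY_PATH=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_HASH=y
# CONFIG_SECURITY_APPARMOR_HASH_DEFAULT is not set
CONFIG_SECURITY_APPARMOR_DEBUG=y
CONFIG_SECURITY_APPARMOR_KUNIT_TEST=y
EOF
}
tmp=$(mktemp); sample_config > "$tmp"
audit_apparmor_config "$tmp" || echo "$? finding(s)"; rm -f "$tmp"
```

SECURITY_APPARMOR_DEBUG_ASSERTS and SECURITY_APPARMOR_DEBUG_MESSAGES are not checked separately because both depend on SECURITY_APPARMOR_DEBUG.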