|
|
@@ -36,7 +36,6 @@ config SECURITY_APPARMOR_HASH
|
|
|
select CRYPTO
|
|
|
select CRYPTO_SHA1
|
|
|
default y
|
|
|
-
|
|
|
help
|
|
|
This option selects whether introspection of loaded policy
|
|
|
is available to userspace via the apparmor filesystem.
|
|
|
@@ -45,7 +44,6 @@ config SECURITY_APPARMOR_HASH_DEFAULT
|
|
|
bool "Enable policy hash introspection by default"
|
|
|
depends on SECURITY_APPARMOR_HASH
|
|
|
default y
|
|
|
-
|
|
|
help
|
|
|
This option selects whether sha1 hashing of loaded policy
|
|
|
is enabled by default. The generation of sha1 hashes for
|
|
|
@@ -54,3 +52,32 @@ config SECURITY_APPARMOR_HASH_DEFAULT
|
|
|
however it can slow down policy load on some devices. In
|
|
|
these cases policy hashing can be disabled by default and
|
|
|
enabled only if needed.
|
|
|
+
|
|
|
+config SECURITY_APPARMOR_DEBUG
|
|
|
+ bool "Build AppArmor with debug code"
|
|
|
+ depends on SECURITY_APPARMOR
|
|
|
+ default n
|
|
|
+ help
|
|
|
+ Build apparmor with debugging logic in apparmor. Not all
|
|
|
+ debugging logic will necessarily be enabled. A submenu will
|
|
|
+ provide fine grained control of the debug options that are
|
|
|
+ available.
|
|
|
+
|
|
|
+config SECURITY_APPARMOR_DEBUG_ASSERTS
|
|
|
+ bool "Build AppArmor with debugging asserts"
|
|
|
+ depends on SECURITY_APPARMOR_DEBUG
|
|
|
+ default y
|
|
|
+ help
|
|
|
+ Enable code assertions made with AA_BUG. These are primarily
|
|
|
+ function entry preconditions but also exist at other key
|
|
|
+ points. If the assert is triggered it will trigger a WARN
|
|
|
+ message.
|
|
|
+
|
|
|
+config SECURITY_APPARMOR_DEBUG_MESSAGES
|
|
|
+ bool "Debug messages enabled by default"
|
|
|
+ depends on SECURITY_APPARMOR_DEBUG
|
|
|
+ default n
|
|
|
+ help
|
|
|
+ Set the default value of the apparmor.debug kernel parameter.
|
|
|
+ When enabled, various debug messages will be logged to
|
|
|
+ the kernel message buffer.
|
John Johansen