forked from luck/tmp_suning_uos_patched
083c1290ca
The crypto framework can be built as a loadable module, but the apparmor hash code can only be built-in, which then causes a link error: security/built-in.o: In function `aa_calc_profile_hash': integrity_audit.c:(.text+0x21610): undefined reference to `crypto_shash_update' security/built-in.o: In function `init_profile_hash': integrity_audit.c:(.init.text+0xb4c): undefined reference to `crypto_alloc_shash' This changes Apparmor to use 'select CRYPTO' like a lot of other subsystems do. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
44 lines
1.3 KiB
Plaintext
44 lines
1.3 KiB
Plaintext
config SECURITY_APPARMOR
|
|
bool "AppArmor support"
|
|
depends on SECURITY && NET
|
|
select AUDIT
|
|
select SECURITY_PATH
|
|
select SECURITYFS
|
|
select SECURITY_NETWORK
|
|
default n
|
|
help
|
|
This enables the AppArmor security module.
|
|
Required userspace tools (if they are not included in your
|
|
distribution) and further information may be found at
|
|
http://apparmor.wiki.kernel.org
|
|
|
|
If you are unsure how to answer this question, answer N.
|
|
|
|
config SECURITY_APPARMOR_BOOTPARAM_VALUE
|
|
int "AppArmor boot parameter default value"
|
|
depends on SECURITY_APPARMOR
|
|
range 0 1
|
|
default 1
|
|
help
|
|
This option sets the default value for the kernel parameter
|
|
'apparmor', which allows AppArmor to be enabled or disabled
|
|
at boot. If this option is set to 0 (zero), the AppArmor
|
|
kernel parameter will default to 0, disabling AppArmor at
|
|
boot. If this option is set to 1 (one), the AppArmor
|
|
kernel parameter will default to 1, enabling AppArmor at
|
|
boot.
|
|
|
|
If you are unsure how to answer this question, answer 1.
|
|
|
|
config SECURITY_APPARMOR_HASH
|
|
bool "SHA1 hash of loaded profiles"
|
|
depends on SECURITY_APPARMOR
|
|
select CRYPTO
|
|
select CRYPTO_SHA1
|
|
default y
|
|
|
|
help
|
|
This option selects whether sha1 hashing is done against loaded
|
|
profiles and exported for inspection to user space via the apparmor
|
|
filesystem.
|