Commit 016d825fe02cd20fd8803ca37a1e6d428fe878f6
Committed by
James Morris
1 parent
484ca79c65
AppArmor: Enable configuring and building of the AppArmor security module
Kconfig and Makefiles to enable configuration and building of AppArmor. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 3 changed files with 60 additions and 0 deletions Side-by-side Diff
security/apparmor/.gitignore
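--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -0,0 +1,31 @@
+config SECURITY_APPARMOR
+ bool "AppArmor support"
+ depends on SECURITY
+ select AUDIT
+ select SECURITY_PATH
+ select SECURITYFS
+ select SECURITY_NETWORK
+ default n
+ help
+ This enables the AppArmor security module.
+ Required userspace tools (if they are not included in your
+ distribution) and further information may be found at
+ http://apparmor.wiki.kernel.org
+
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_APPARMOR_BOOTPARAM_VALUE
+ int "AppArmor boot parameter default value"
+ depends on SECURITY_APPARMOR
+ range 0 1
+ default 1
+ help
+ This option sets the default value for the kernel parameter
+ 'apparmor', which allows AppArmor to be enabled or disabled
+ at boot. If this option is set to 0 (zero), the AppArmor
+ kernel parameter will default to 0, disabling AppArmor at
+ boot. If this option is set to 1 (one), the AppArmor
+ kernel parameter will default to 1, enabling AppArmor at
+ boot.
+
+ If you are unsure how to answer this question, answer 1.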
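Review bot: The four `select` lines under SECURITY_APPARMOR force AUDIT, SECURITY_PATH, SECURITYFS and SECURITY_NETWORK on, while the entry itself only carries `depends on SECURITY`. `select` does not honour the selected symbol's own `depends on`, so a configuration that lacks one of their prerequisites (AUDIT, as far as I know, needs NET) would get an unmet-dependency warning or a broken build instead of simply hiding the option. Mirroring those prerequisites on this entry, for example `depends on SECURITY && NET`, would keep the option out of such configurations. The definitions of the selected symbols are not part of this page, so confirm the exact list against them.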
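--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -0,0 +1,24 @@
+# Makefile for AppArmor Linux Security Module
+#
+obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
+
+apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
+ path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
+ resource.o sid.o file.o
+
+clean-files: capability_names.h af_names.h
+
+quiet_cmd_make-caps = GEN $@
+cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
+
+quiet_cmd_make-rlim = GEN $@
+cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
+
+$(obj)/capability.o : $(obj)/capability_names.h
+$(obj)/resource.o : $(obj)/rlim_names.h
+$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
+ $(call cmd,make-caps)
+$(obj)/af_names.h : $(srctree)/include/linux/socket.h
+ $(call cmd,make-af)
+$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
+ $(call cmd,make-rlim)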
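Review bot: `clean-files: capability_names.h af_names.h` is written as a rule rather than as the kbuild variable assignment, and it omits `rlim_names.h`, so the generated headers do not appear to be registered for `make clean`; `clean-files := capability_names.h rlim_names.h af_names.h` looks like what was intended. The `af_names.h` rule calls `$(call cmd,make-af)`, but no `cmd_make-af` is defined in the lines shown. `cmd_make-rlim` also passes `--e` where every other sed call uses `-e`, and it filters `/AF_MAX/`, which looks carried over from a socket-name generator. Both generators write straight into `$@` with commands joined by `;`, so a failing sed would still leave a header that is newer than its prerequisite. These tables presumably supply the capability and rlimit names AppArmor reports, so joining the steps with `&&`, or writing to a temporary file and renaming it, would avoid a silently truncated table.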