Commit 016d825fe02cd20fd8803ca37a1e6d428fe878f6
Committed by
James Morris
James Morris
1 parent
484ca79c65
Exists in
master
and in
7 other branches
AppArmor: Enable configuring and building of the AppArmor security module
Kconfig and Makefiles to enable configuration and building of AppArmor. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 3 changed files with 60 additions and 0 deletions Side-by-side Diff
security/apparmor/.gitignore
security/apparmor/Kconfig
| 1 | +config SECURITY_APPARMOR | |
| 2 | + bool "AppArmor support" | |
| 3 | + depends on SECURITY | |
| 4 | + select AUDIT | |
| 5 | + select SECURITY_PATH | |
| 6 | + select SECURITYFS | |
| 7 | + select SECURITY_NETWORK | |
| 8 | + default n | |
| 9 | + help | |
| 10 | + This enables the AppArmor security module. | |
| 11 | + Required userspace tools (if they are not included in your | |
| 12 | + distribution) and further information may be found at | |
| 13 | + http://apparmor.wiki.kernel.org | |
| 14 | + | |
| 15 | + If you are unsure how to answer this question, answer N. | |
| 16 | + | |
| 17 | +config SECURITY_APPARMOR_BOOTPARAM_VALUE | |
| 18 | + int "AppArmor boot parameter default value" | |
| 19 | + depends on SECURITY_APPARMOR | |
| 20 | + range 0 1 | |
| 21 | + default 1 | |
| 22 | + help | |
| 23 | + This option sets the default value for the kernel parameter | |
| 24 | + 'apparmor', which allows AppArmor to be enabled or disabled | |
| 25 | + at boot. If this option is set to 0 (zero), the AppArmor | |
| 26 | + kernel parameter will default to 0, disabling AppArmor at | |
| 27 | + boot. If this option is set to 1 (one), the AppArmor | |
| 28 | + kernel parameter will default to 1, enabling AppArmor at | |
| 29 | + boot. | |
| 30 | + | |
| 31 | + If you are unsure how to answer this question, answer 1. |
security/apparmor/Makefile
| 1 | +# Makefile for AppArmor Linux Security Module | |
| 2 | +# | |
| 3 | +obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o | |
| 4 | + | |
| 5 | +apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ | |
| 6 | + path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ | |
| 7 | + resource.o sid.o file.o | |
| 8 | + | |
| 9 | +clean-files: capability_names.h af_names.h | |
| 10 | + | |
| 11 | +quiet_cmd_make-caps = GEN $@ | |
| 12 | +cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ | |
| 13 | + | |
| 14 | +quiet_cmd_make-rlim = GEN $@ | |
| 15 | +cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@ | |
| 16 | + | |
| 17 | +$(obj)/capability.o : $(obj)/capability_names.h | |
| 18 | +$(obj)/resource.o : $(obj)/rlim_names.h | |
| 19 | +$(obj)/capability_names.h : $(srctree)/include/linux/capability.h | |
| 20 | + $(call cmd,make-caps) | |
| 21 | +$(obj)/af_names.h : $(srctree)/include/linux/socket.h | |
| 22 | + $(call cmd,make-af) | |
| 23 | +$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h | |
| 24 | + $(call cmd,make-rlim) |