Commit 016d825f authored by John Johansen's avatar John Johansen Committed by James Morris
Browse files

AppArmor: Enable configuring and building of the AppArmor security module 



Kconfig and Makefiles to enable configuration and building of AppArmor.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 484ca79c

security/apparmor/.gitignore

0 → 100644
+5 −0
Original line number Diff line number Diff line 
#

# Generated include files

#

af_names.h

capability_names.h

security/apparmor/Kconfig

0 → 100644
+31 −0
Original line number Diff line number Diff line 
config SECURITY_APPARMOR

	bool "AppArmor support"

	depends on SECURITY

	select AUDIT

	select SECURITY_PATH

	select SECURITYFS

	select SECURITY_NETWORK

	default n

	help

	  This enables the AppArmor security module.

	  Required userspace tools (if they are not included in your

	  distribution) and further information may be found at

	  http://apparmor.wiki.kernel.org



	  If you are unsure how to answer this question, answer N.



config SECURITY_APPARMOR_BOOTPARAM_VALUE

	int "AppArmor boot parameter default value"

	depends on SECURITY_APPARMOR

	range 0 1

	default 1

	help

	  This option sets the default value for the kernel parameter

	  'apparmor', which allows AppArmor to be enabled or disabled

          at boot.  If this option is set to 0 (zero), the AppArmor

	  kernel parameter will default to 0, disabling AppArmor at

	  boot.  If this option is set to 1 (one), the AppArmor

	  kernel parameter will default to 1, enabling AppArmor at

	  boot.



	  If you are unsure how to answer this question, answer 1.

security/apparmor/Makefile

0 → 100644
+24 −0
Original line number Diff line number Diff line 
# Makefile for AppArmor Linux Security Module

#

obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o



apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \

              path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \

              resource.o sid.o file.o



clean-files: capability_names.h af_names.h



quiet_cmd_make-caps = GEN     $@

cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@



quiet_cmd_make-rlim = GEN     $@

cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@



$(obj)/capability.o : $(obj)/capability_names.h

$(obj)/resource.o : $(obj)/rlim_names.h

$(obj)/capability_names.h : $(srctree)/include/linux/capability.h

	$(call cmd,make-caps)

$(obj)/af_names.h : $(srctree)/include/linux/socket.h

	$(call cmd,make-af)

$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h

	$(call cmd,make-rlim)

CRA Git | Maintained and supported by SUSTech CRA and CCSE