cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

Kconfig (2923B)

      1# SPDX-License-Identifier: GPL-2.0-only
      2config SECURITY_APPARMOR
      3	bool "AppArmor support"
      4	depends on SECURITY && NET
      5	select AUDIT
      6	select SECURITY_PATH
      7	select SECURITYFS
      8	select SECURITY_NETWORK
      9	select ZLIB_INFLATE
     10	select ZLIB_DEFLATE
     11	default n
     12	help
     13	  This enables the AppArmor security module.
     14	  Required userspace tools (if they are not included in your
     15	  distribution) and further information may be found at
     16	  http://apparmor.wiki.kernel.org
     17
     18	  If you are unsure how to answer this question, answer N.
     19
     20config SECURITY_APPARMOR_HASH
     21	bool "Enable introspection of sha1 hashes for loaded profiles"
     22	depends on SECURITY_APPARMOR
     23	select CRYPTO
     24	select CRYPTO_SHA1
     25	default y
     26	help
     27	  This option selects whether introspection of loaded policy
     28	  is available to userspace via the apparmor filesystem.
     29
     30config SECURITY_APPARMOR_HASH_DEFAULT
     31       bool "Enable policy hash introspection by default"
     32       depends on SECURITY_APPARMOR_HASH
     33       default y
     34       help
     35         This option selects whether sha1 hashing of loaded policy
     36	 is enabled by default. The generation of sha1 hashes for
     37	 loaded policy provide system administrators a quick way
     38	 to verify that policy in the kernel matches what is expected,
     39	 however it can slow down policy load on some devices. In
     40	 these cases policy hashing can be disabled by default and
     41	 enabled only if needed.
     42
     43config SECURITY_APPARMOR_DEBUG
     44	bool "Build AppArmor with debug code"
     45	depends on SECURITY_APPARMOR
     46	default n
     47	help
     48	  Build apparmor with debugging logic in apparmor. Not all
     49	  debugging logic will necessarily be enabled. A submenu will
     50	  provide fine grained control of the debug options that are
     51	  available.
     52
     53config SECURITY_APPARMOR_DEBUG_ASSERTS
     54	bool "Build AppArmor with debugging asserts"
     55	depends on SECURITY_APPARMOR_DEBUG
     56	default y
     57	help
     58	  Enable code assertions made with AA_BUG. These are primarily
     59	  function entry preconditions but also exist at other key
     60	  points. If the assert is triggered it will trigger a WARN
     61	  message.
     62
     63config SECURITY_APPARMOR_DEBUG_MESSAGES
     64	bool "Debug messages enabled by default"
     65	depends on SECURITY_APPARMOR_DEBUG
     66	default n
     67	help
     68	  Set the default value of the apparmor.debug kernel parameter.
     69	  When enabled, various debug messages will be logged to
     70	  the kernel message buffer.
     71
     72config SECURITY_APPARMOR_KUNIT_TEST
     73	bool "Build KUnit tests for policy_unpack.c" if !KUNIT_ALL_TESTS
     74	depends on KUNIT=y && SECURITY_APPARMOR
     75	default KUNIT_ALL_TESTS
     76	help
     77	  This builds the AppArmor KUnit tests.
     78
     79	  KUnit tests run during boot and output the results to the debug log
     80	  in TAP format (https://testanything.org/). Only useful for kernel devs
     81	  running KUnit test harness and are not for inclusion into a
     82	  production build.
     83
     84	  For more information on KUnit and unit tests in general please refer
     85	  to the KUnit documentation in Documentation/dev-tools/kunit/.
     86
     87	  If unsure, say N.