AppArmor: Enable configuring and building of the AppArmor security module

Kconfig and Makefiles to enable configuration and building of AppArmor. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
author: John Johansen <john.johansen@canonical.com> 2010-07-29 23:46:33 -0400
committer: James Morris <jmorris@namei.org> 2010-08-02 01:38:39 -0400
commit: 016d825fe02cd20fd8803ca37a1e6d428fe878f6 (patch)
tree: b36bafad46e09a1a62f3521536a703c58540f675 /security
parent: 484ca79c653121d3c79fffb86e1deea724f2e20b (diff)
3 files changed, 60 insertions, 0 deletions
diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore
new file mode 100644
index 000000000000..0a0a99f3b083
--- /dev/null
+++ b/security/apparmor/.gitignore
@@ -0,0 +1,5 @@
+#
+# Generated include files
+#
+af_names.h
+capability_names.h
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
new file mode 100644
index 000000000000..72555b9ca7d6
--- /dev/null
+++ b/security/apparmor/Kconfig
@@ -0,0 +1,31 @@
+config SECURITY_APPARMOR
+        bool "AppArmor support"
+        depends on SECURITY
+        select AUDIT
+        select SECURITY_PATH
+        select SECURITYFS
+        select SECURITY_NETWORK
+        default n
+        help
+          This enables the AppArmor security module.
+          Required userspace tools (if they are not included in your
+          distribution) and further information may be found at
+          http://apparmor.wiki.kernel.org
+          If you are unsure how to answer this question, answer N.
+config SECURITY_APPARMOR_BOOTPARAM_VALUE
+        int "AppArmor boot parameter default value"
+        depends on SECURITY_APPARMOR
+        range 0 1
+        default 1
+        help
+          This option sets the default value for the kernel parameter
+          'apparmor', which allows AppArmor to be enabled or disabled
+          at boot.  If this option is set to 0 (zero), the AppArmor
+          kernel parameter will default to 0, disabling AppArmor at
+          boot.  If this option is set to 1 (one), the AppArmor
+          kernel parameter will default to 1, enabling AppArmor at
+          boot.
+          If you are unsure how to answer this question, answer 1.
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
new file mode 100644
index 000000000000..f204869399ea
--- /dev/null
+++ b/security/apparmor/Makefile
@@ -0,0 +1,24 @@
+# Makefile for AppArmor Linux Security Module
+#
+obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
+apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
+              path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
+              resource.o sid.o file.o
+clean-files: capability_names.h af_names.h
+quiet_cmd_make-caps = GEN     $@
+cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
+quiet_cmd_make-rlim = GEN     $@
+cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
+$(obj)/capability.o : $(obj)/capability_names.h
+$(obj)/resource.o : $(obj)/rlim_names.h
+$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
+        $(call cmd,make-caps)
+$(obj)/af_names.h : $(srctree)/include/linux/socket.h
+        $(call cmd,make-af)
+$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
+        $(call cmd,make-rlim)
author	John Johansen <john.johansen@canonical.com>	2010-07-29 23:46:33 -0400
committer	James Morris <jmorris@namei.org>	2010-08-02 01:38:39 -0400
commit	016d825fe02cd20fd8803ca37a1e6d428fe878f6 (patch)
tree	b36bafad46e09a1a62f3521536a703c58540f675 /security
parent	484ca79c653121d3c79fffb86e1deea724f2e20b (diff)

diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore new file mode 100644 index 000000000000..0a0a99f3b083 --- /dev/null +++ b/security/apparmor/.gitignore
@@ -0,0 +1,5 @@
	1	#
	2	# Generated include files
	3	#
	4	af_names.h
	5	capability_names.h


diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig new file mode 100644 index 000000000000..72555b9ca7d6 --- /dev/null +++ b/security/apparmor/Kconfig
@@ -0,0 +1,31 @@
	1	config SECURITY_APPARMOR
	2	bool "AppArmor support"
	3	depends on SECURITY
	4	select AUDIT
	5	select SECURITY_PATH
	6	select SECURITYFS
	7	select SECURITY_NETWORK
	8	default n
	9	help
	10	This enables the AppArmor security module.
	11	Required userspace tools (if they are not included in your
	12	distribution) and further information may be found at
	13	http://apparmor.wiki.kernel.org
	14
	15	If you are unsure how to answer this question, answer N.
	16
	17	config SECURITY_APPARMOR_BOOTPARAM_VALUE
	18	int "AppArmor boot parameter default value"
	19	depends on SECURITY_APPARMOR
	20	range 0 1
	21	default 1
	22	help
	23	This option sets the default value for the kernel parameter
	24	'apparmor', which allows AppArmor to be enabled or disabled
	25	at boot. If this option is set to 0 (zero), the AppArmor
	26	kernel parameter will default to 0, disabling AppArmor at
	27	boot. If this option is set to 1 (one), the AppArmor
	28	kernel parameter will default to 1, enabling AppArmor at
	29	boot.
	30
	31	If you are unsure how to answer this question, answer 1.


diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile new file mode 100644 index 000000000000..f204869399ea --- /dev/null +++ b/security/apparmor/Makefile
@@ -0,0 +1,24 @@
	1	# Makefile for AppArmor Linux Security Module
	2	#
	3	obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
	4
	5	apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
	6	path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
	7	resource.o sid.o file.o
	8
	9	clean-files: capability_names.h af_names.h
	10
	11	quiet_cmd_make-caps = GEN $@
	12	cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< \| tr A-Z a-z >> $@ ; echo "};" >> $@
	13
	14	quiet_cmd_make-rlim = GEN $@
	15	cmd_make-rlim = echo "static const char rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.\\)\$$/[\\2] = \"\\1\",/p" $< \| tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
	16
	17	$(obj)/capability.o : $(obj)/capability_names.h
	18	$(obj)/resource.o : $(obj)/rlim_names.h
	19	$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
	20	$(call cmd,make-caps)
	21	$(obj)/af_names.h : $(srctree)/include/linux/socket.h
	22	$(call cmd,make-af)
	23	$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
	24	$(call cmd,make-rlim)