aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2010-07-29 23:46:33 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:38:39 -0400
commit016d825fe02cd20fd8803ca37a1e6d428fe878f6 (patch)
treeb36bafad46e09a1a62f3521536a703c58540f675 /security
parent484ca79c653121d3c79fffb86e1deea724f2e20b (diff)
AppArmor: Enable configuring and building of the AppArmor security module
Kconfig and Makefiles to enable configuration and building of AppArmor. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/.gitignore5
-rw-r--r--security/apparmor/Kconfig31
-rw-r--r--security/apparmor/Makefile24
3 files changed, 60 insertions, 0 deletions
diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore
new file mode 100644
index 000000000000..0a0a99f3b083
--- /dev/null
+++ b/security/apparmor/.gitignore
@@ -0,0 +1,5 @@
1#
2# Generated include files
3#
4af_names.h
5capability_names.h
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
new file mode 100644
index 000000000000..72555b9ca7d6
--- /dev/null
+++ b/security/apparmor/Kconfig
@@ -0,0 +1,31 @@
1config SECURITY_APPARMOR
2 bool "AppArmor support"
3 depends on SECURITY
4 select AUDIT
5 select SECURITY_PATH
6 select SECURITYFS
7 select SECURITY_NETWORK
8 default n
9 help
10 This enables the AppArmor security module.
11 Required userspace tools (if they are not included in your
12 distribution) and further information may be found at
13 http://apparmor.wiki.kernel.org
14
15 If you are unsure how to answer this question, answer N.
16
17config SECURITY_APPARMOR_BOOTPARAM_VALUE
18 int "AppArmor boot parameter default value"
19 depends on SECURITY_APPARMOR
20 range 0 1
21 default 1
22 help
23 This option sets the default value for the kernel parameter
24 'apparmor', which allows AppArmor to be enabled or disabled
25 at boot. If this option is set to 0 (zero), the AppArmor
26 kernel parameter will default to 0, disabling AppArmor at
27 boot. If this option is set to 1 (one), the AppArmor
28 kernel parameter will default to 1, enabling AppArmor at
29 boot.
30
31 If you are unsure how to answer this question, answer 1.
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
new file mode 100644
index 000000000000..f204869399ea
--- /dev/null
+++ b/security/apparmor/Makefile
@@ -0,0 +1,24 @@
1# Makefile for AppArmor Linux Security Module
2#
3obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
4
5apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
6 path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
7 resource.o sid.o file.o
8
9clean-files: capability_names.h af_names.h
10
11quiet_cmd_make-caps = GEN $@
12cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
13
14quiet_cmd_make-rlim = GEN $@
15cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
16
17$(obj)/capability.o : $(obj)/capability_names.h
18$(obj)/resource.o : $(obj)/rlim_names.h
19$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
20 $(call cmd,make-caps)
21$(obj)/af_names.h : $(srctree)/include/linux/socket.h
22 $(call cmd,make-af)
23$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
24 $(call cmd,make-rlim)