| -rw-r--r-- | security/apparmor/.gitignore | 5 | ||||
| -rw-r--r-- | security/apparmor/Kconfig | 31 | ||||
| -rw-r--r-- | security/apparmor/Makefile | 24 |
3 files changed, 60 insertions, 0 deletions
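--- /dev/null
+++ b/security/apparmor/.gitignore
@@ -0,0 +1,5 @@
+#
+# Generated include files
+#
+af_names.h
+capability_names.h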
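Review bot: The ignore list omits `rlim_names.h`, which the Makefile in this same commit generates in this directory through the `$(obj)/rlim_names.h` rule, so after an in-tree build it will show up as an untracked file. I would add a line `rlim_names.h` below `capability_names.h`. The `clean-files` list in the Makefile leaves the same header out.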
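--- /dev/null
+++ b/security/apparmor/Kconfig
@@ -0,0 +1,31 @@
+config SECURITY_APPARMOR
+bool "AppArmor support"
+depends on SECURITY
+select AUDIT
+select SECURITY_PATH
+select SECURITYFS
+select SECURITY_NETWORK
+default n
+help
+This enables the AppArmor security module.
+Required userspace tools (if they are not included in your
+distribution) and further information may be found at
+http://apparmor.wiki.kernel.org
+
+If you are unsure how to answer this question, answer N.
+
+config SECURITY_APPARMOR_BOOTPARAM_VALUE
+int "AppArmor boot parameter default value"
+depends on SECURITY_APPARMOR
+range 0 1
+default 1
+help
+This option sets the default value for the kernel parameter
+'apparmor', which allows AppArmor to be enabled or disabled
+at boot. If this option is set to 0 (zero), the AppArmor
+kernel parameter will default to 0, disabling AppArmor at
+boot. If this option is set to 1 (one), the AppArmor
+kernel parameter will default to 1, enabling AppArmor at
+boot.
+
+If you are unsure how to answer this question, answer 1.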
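Review bot: The help text for `SECURITY_APPARMOR_BOOTPARAM_VALUE` never states outright that the value is only a default, so a reader may not realise that, as the text describes the parameter, `apparmor=0` on the kernel command line still turns the module off. That matters on systems that rely on AppArmor for confinement. I would add a sentence such as `The 'apparmor' boot parameter overrides this default, so restrict access to the bootloader configuration on systems that depend on AppArmor.` Separately, `default n` under `SECURITY_APPARMOR` is redundant for a bool and could be dropped.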
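--- /dev/null
+++ b/security/apparmor/Makefile
@@ -0,0 +1,24 @@
+# Makefile for AppArmor Linux Security Module
+#
+obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
+
+apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
+path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
+resource.o sid.o file.o
+
+clean-files: capability_names.h af_names.h
+
+quiet_cmd_make-caps = GEN $@
+cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
+
+quiet_cmd_make-rlim = GEN $@
+cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
+
+$(obj)/capability.o : $(obj)/capability_names.h
+$(obj)/resource.o : $(obj)/rlim_names.h
+$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
+$(call cmd,make-caps)
+$(obj)/af_names.h : $(srctree)/include/linux/socket.h
+$(call cmd,make-af)
+$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
+$(call cmd,make-rlim)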
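Review bot: `clean-files: capability_names.h af_names.h` is written with a colon, so make parses it as a rule with two prerequisites rather than as an assignment to the kbuild `clean-files` variable, and `make clean` will presumably leave the generated headers behind; it should read `clean-files := capability_names.h af_names.h`. The `af_names.h` rule runs `$(call cmd,make-af)`, but no `cmd_make-af` is defined anywhere in this file, so that rule appears to have nothing to execute. Both generator commands chain their steps with `;` and write straight to `$@`, so a failing `sed` is still followed by a successful `echo` and leaves a truncated header that looks up to date. Joining the steps with `&&` would let the failure reach make.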
