]> www.infradead.org Git - users/griffoul/linux.git/commitdiff
AppArmor: Enable configuring and building of the AppArmor security module
authorJohn Johansen <john.johansen@canonical.com>
Fri, 30 Jul 2010 03:46:33 +0000 (13:46 +1000)
committerJames Morris <jmorris@namei.org>
Mon, 2 Aug 2010 05:38:39 +0000 (15:38 +1000)
Kconfig and Makefiles to enable configuration and building of AppArmor.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/apparmor/.gitignore [new file with mode: 0644]
security/apparmor/Kconfig [new file with mode: 0644]
security/apparmor/Makefile [new file with mode: 0644]

diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore
new file mode 100644 (file)
index 0000000..0a0a99f
--- /dev/null
@@ -0,0 +1,5 @@
+#
+# Generated include files
+#
+af_names.h
+capability_names.h
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
new file mode 100644 (file)
index 0000000..72555b9
--- /dev/null
@@ -0,0 +1,31 @@
+config SECURITY_APPARMOR
+       bool "AppArmor support"
+       depends on SECURITY
+       select AUDIT
+       select SECURITY_PATH
+       select SECURITYFS
+       select SECURITY_NETWORK
+       default n
+       help
+         This enables the AppArmor security module.
+         Required userspace tools (if they are not included in your
+         distribution) and further information may be found at
+         http://apparmor.wiki.kernel.org
+
+         If you are unsure how to answer this question, answer N.
+
+config SECURITY_APPARMOR_BOOTPARAM_VALUE
+       int "AppArmor boot parameter default value"
+       depends on SECURITY_APPARMOR
+       range 0 1
+       default 1
+       help
+         This option sets the default value for the kernel parameter
+         'apparmor', which allows AppArmor to be enabled or disabled
+          at boot.  If this option is set to 0 (zero), the AppArmor
+         kernel parameter will default to 0, disabling AppArmor at
+         boot.  If this option is set to 1 (one), the AppArmor
+         kernel parameter will default to 1, enabling AppArmor at
+         boot.
+
+         If you are unsure how to answer this question, answer 1.
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
new file mode 100644 (file)
index 0000000..f204869
--- /dev/null
@@ -0,0 +1,24 @@
+# Makefile for AppArmor Linux Security Module
+#
+obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
+
+apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
+              path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
+              resource.o sid.o file.o
+
+clean-files: capability_names.h af_names.h
+
+quiet_cmd_make-caps = GEN     $@
+cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
+
+quiet_cmd_make-rlim = GEN     $@
+cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
+
+$(obj)/capability.o : $(obj)/capability_names.h
+$(obj)/resource.o : $(obj)/rlim_names.h
+$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
+       $(call cmd,make-caps)
+$(obj)/af_names.h : $(srctree)/include/linux/socket.h
+       $(call cmd,make-af)
+$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
+       $(call cmd,make-rlim)