summaryrefslogtreecommitdiffstats
path: root/security/apparmor/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor/Kconfig')
-rw-r--r--security/apparmor/Kconfig31
1 files changed, 29 insertions, 2 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index be5e9414a295..b6b68a7750ce 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -36,7 +36,6 @@ config SECURITY_APPARMOR_HASH
select CRYPTO
select CRYPTO_SHA1
default y
-
help
This option selects whether introspection of loaded policy
is available to userspace via the apparmor filesystem.
@@ -45,7 +44,6 @@ config SECURITY_APPARMOR_HASH_DEFAULT
bool "Enable policy hash introspection by default"
depends on SECURITY_APPARMOR_HASH
default y
-
help
This option selects whether sha1 hashing of loaded policy
is enabled by default. The generation of sha1 hashes for
@@ -54,3 +52,32 @@ config SECURITY_APPARMOR_HASH_DEFAULT
however it can slow down policy load on some devices. In
these cases policy hashing can be disabled by default and
enabled only if needed.
+
+config SECURITY_APPARMOR_DEBUG
+ bool "Build AppArmor with debug code"
+ depends on SECURITY_APPARMOR
+ default n
+ help
+ Build apparmor with debugging logic in apparmor. Not all
+ debugging logic will necessarily be enabled. A submenu will
+ provide fine grained control of the debug options that are
+ available.
+
+config SECURITY_APPARMOR_DEBUG_ASSERTS
+ bool "Build AppArmor with debugging asserts"
+ depends on SECURITY_APPARMOR_DEBUG
+ default y
+ help
+ Enable code assertions made with AA_BUG. These are primarily
+ function entry preconditions but also exist at other key
+ points. If the assert is triggered it will trigger a WARN
+ message.
+
+config SECURITY_APPARMOR_DEBUG_MESSAGES
+ bool "Debug messages enabled by default"
+ depends on SECURITY_APPARMOR_DEBUG
+ default n
+ help
+ Set the default value of the apparmor.debug kernel parameter.
+ When enabled, various debug messages will be logged to
+ the kernel message buffer.
OpenPOWER on IntegriCloud