AppArmor: Enable configuring and building of the AppArmor security module

Kconfig and Makefiles to enable configuration and building of AppArmor. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
2025-02-07 12:00:38 +00:00 · 2010-07-30 13:46:33 +10:00 · 2010-07-30 13:46:33 +10:00 · 016d825fe0
commit 016d825fe0
parent 484ca79c65
3 changed files with 60 additions and 0 deletions
--- a/security/apparmor/.gitignore
+++ b/security/apparmor/.gitignore
@ -0,0 +1,5 @@
 #
 # Generated include files
 #
 af_names.h
 capability_names.h
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@ -0,0 +1,31 @@
 config SECURITY_APPARMOR
 	bool "AppArmor support"
 	depends on SECURITY
 	select AUDIT
 	select SECURITY_PATH
 	select SECURITYFS
 	select SECURITY_NETWORK
 	default n
 	help
 	  This enables the AppArmor security module.
 	  Required userspace tools (if they are not included in your
 	  distribution) and further information may be found at
 	  http://apparmor.wiki.kernel.org
 	  If you are unsure how to answer this question, answer N.
 config SECURITY_APPARMOR_BOOTPARAM_VALUE
 	int "AppArmor boot parameter default value"
 	depends on SECURITY_APPARMOR
 	range 0 1
 	default 1
 	help
 	  This option sets the default value for the kernel parameter
 	  'apparmor', which allows AppArmor to be enabled or disabled
          at boot.  If this option is set to 0 (zero), the AppArmor
 	  kernel parameter will default to 0, disabling AppArmor at
 	  boot.  If this option is set to 1 (one), the AppArmor
 	  kernel parameter will default to 1, enabling AppArmor at
 	  boot.
 	  If you are unsure how to answer this question, answer 1.
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@ -0,0 +1,24 @@
 # Makefile for AppArmor Linux Security Module
 #
 obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
 apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
              path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
              resource.o sid.o file.o
 clean-files: capability_names.h af_names.h
 quiet_cmd_make-caps = GEN     $@
 cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
 quiet_cmd_make-rlim = GEN     $@
 cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2]  = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
 $(obj)/capability.o : $(obj)/capability_names.h
 $(obj)/resource.o : $(obj)/rlim_names.h
 $(obj)/capability_names.h : $(srctree)/include/linux/capability.h
 	$(call cmd,make-caps)
 $(obj)/af_names.h : $(srctree)/include/linux/socket.h
 	$(call cmd,make-af)
 $(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
 	$(call cmd,make-rlim)