Signed-off-by: John Johansen Signed-off-by: Andreas Gruenbacher --- security/Kconfig | 1 + security/Makefile | 1 + security/apparmor/Kconfig | 21 +++++++++++++++++++-- 3 files changed, 21 insertions(+), 2 deletions(-) --- a/security/Kconfig +++ b/security/Kconfig @@ -104,6 +104,7 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. source security/selinux/Kconfig +source security/apparmor/Kconfig endmenu --- a/security/Makefile +++ b/security/Makefile @@ -14,5 +14,6 @@ endif obj-$(CONFIG_SECURITY) += security.o dummy.o inode.o # Must precede capability.o in order to stack properly. obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o +obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/ obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -1,9 +1,26 @@ config SECURITY_APPARMOR - tristate "AppArmor support" - depends on SECURITY!=n + bool "AppArmor support" + depends on SECURITY + select AUDIT help This enables the AppArmor security module. Required userspace tools (if they are not included in your distribution) and further information may be found at + If you are unsure how to answer this question, answer N. + +config SECURITY_APPARMOR_BOOTPARAM_VALUE + int "AppArmor boot parameter default value" + depends on SECURITY_APPARMOR + range 0 1 + default 1 + help + This option sets the default value for the kernel parameter + 'apparmor', which controls whether AppArmor is enabled at + boot. If this option is set to 0 (zero), AppArmor will + be disabled by default, requiring the kernel parameter + be set to 1 (one) to enable it. If this option is + set to 1 (one), AppArmor will be enabled by default. + + If you are unsure how to answer this question, answer 1. --