summaryrefslogtreecommitdiff
path: root/security/apparmor/Kconfig
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2013-08-14 22:27:36 +0400
committerJohn Johansen <john.johansen@canonical.com>2013-08-14 22:42:08 +0400
commitf8eb8a1324e81927b2c64823b2fc38386efd3fef (patch)
tree78ef80523807aeb5b084b29f8b698601c71292b2 /security/apparmor/Kconfig
parent84f1f787421cd83bb7dfb34d584586f6a5fe7baa (diff)
downloadlinux-f8eb8a1324e81927b2c64823b2fc38386efd3fef.tar.xz
apparmor: add the ability to report a sha1 hash of loaded policy
Provide userspace the ability to introspect a sha1 hash value for each profile currently loaded. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/Kconfig')
-rw-r--r--security/apparmor/Kconfig12
1 files changed, 12 insertions, 0 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 9b9013b2e321..d49c53960b60 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -29,3 +29,15 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE
boot.
If you are unsure how to answer this question, answer 1.
+
+config SECURITY_APPARMOR_HASH
+ bool "SHA1 hash of loaded profiles"
+ depends on SECURITY_APPARMOR
+ depends on CRYPTO
+ select CRYPTO_SHA1
+ default y
+
+ help
+ This option selects whether sha1 hashing is done against loaded
+ profiles and exported for inspection to user space via the apparmor
+ filesystem.