diff options
| author | John Johansen <john.johansen@canonical.com> | 2017-01-16 00:42:27 -0800 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2017-01-16 01:18:24 -0800 |
| commit | 680cd62e910d7b7e3c1fcde6ba67c6ca770c2286 (patch) | |
| tree | 76730905bf9676fefb5070d908a13085ebb32394 /security/apparmor/Kconfig | |
| parent | 57e36bbd67bd1509f550311b162be78cadfe887b (diff) | |
| download | op-kernel-dev-680cd62e910d7b7e3c1fcde6ba67c6ca770c2286.zip op-kernel-dev-680cd62e910d7b7e3c1fcde6ba67c6ca770c2286.tar.gz | |
apparmor: add debug assert AA_BUG and Kconfig to control debug info
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/Kconfig')
| -rw-r--r-- | security/apparmor/Kconfig | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig index be5e941..b6b68a7 100644 --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -36,7 +36,6 @@ config SECURITY_APPARMOR_HASH select CRYPTO select CRYPTO_SHA1 default y - help This option selects whether introspection of loaded policy is available to userspace via the apparmor filesystem. @@ -45,7 +44,6 @@ config SECURITY_APPARMOR_HASH_DEFAULT bool "Enable policy hash introspection by default" depends on SECURITY_APPARMOR_HASH default y - help This option selects whether sha1 hashing of loaded policy is enabled by default. The generation of sha1 hashes for @@ -54,3 +52,32 @@ config SECURITY_APPARMOR_HASH_DEFAULT however it can slow down policy load on some devices. In these cases policy hashing can be disabled by default and enabled only if needed. + +config SECURITY_APPARMOR_DEBUG + bool "Build AppArmor with debug code" + depends on SECURITY_APPARMOR + default n + help + Build apparmor with debugging logic in apparmor. Not all + debugging logic will necessarily be enabled. A submenu will + provide fine grained control of the debug options that are + available. + +config SECURITY_APPARMOR_DEBUG_ASSERTS + bool "Build AppArmor with debugging asserts" + depends on SECURITY_APPARMOR_DEBUG + default y + help + Enable code assertions made with AA_BUG. These are primarily + function entry preconditions but also exist at other key + points. If the assert is triggered it will trigger a WARN + message. + +config SECURITY_APPARMOR_DEBUG_MESSAGES + bool "Debug messages enabled by default" + depends on SECURITY_APPARMOR_DEBUG + default n + help + Set the default value of the apparmor.debug kernel parameter. + When enabled, various debug messages will be logged to + the kernel message buffer. |
