config SECURITY_APPARMOR bool "AppArmor support" depends on SECURITY && NET select AUDIT select SECURITY_PATH select SECURITYFS select SECURITY_NETWORK default n help This enables the AppArmor security module. Required userspace tools (if they are not included in your distribution) and further information may be found at http://apparmor.wiki.kernel.org If you are unsure how to answer this question, answer N. config SECURITY_APPARMOR_BOOTPARAM_VALUE int "AppArmor boot parameter default value" depends on SECURITY_APPARMOR range 0 1 default 1 help This option sets the default value for the kernel parameter 'apparmor', which allows AppArmor to be enabled or disabled at boot. If this option is set to 0 (zero), the AppArmor kernel parameter will default to 0, disabling AppArmor at boot. If this option is set to 1 (one), the AppArmor kernel parameter will default to 1, enabling AppArmor at boot. If you are unsure how to answer this question, answer 1. config SECURITY_APPARMOR_HASH bool "Enable introspection of sha1 hashes for loaded profiles" depends on SECURITY_APPARMOR select CRYPTO select CRYPTO_SHA1 default y help This option selects whether introspection of loaded policy is available to userspace via the apparmor filesystem. config SECURITY_APPARMOR_HASH_DEFAULT bool "Enable policy hash introspection by default" depends on SECURITY_APPARMOR_HASH default y help This option selects whether sha1 hashing of loaded policy is enabled by default. The generation of sha1 hashes for loaded policy provide system administrators a quick way to verify that policy in the kernel matches what is expected, however it can slow down policy load on some devices. In these cases policy hashing can be disabled by default and enabled only if needed.