diff options
| author | John Johansen <john.johansen@canonical.com> | 2021-02-01 03:43:18 -0800 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2022-07-09 15:13:59 -0700 |
| commit | d61c57fde81915c04b41982f66a159ccc014e799 (patch) | |
| tree | b16d5eda5b6e54da16541ec8f7d911411f409ef5 /security/apparmor/lsm.c | |
| parent | 65cc9c391c3c4096ccc47ecd8b9f58f470b57225 (diff) | |
| download | linux-d61c57fde81915c04b41982f66a159ccc014e799.tar.gz linux-d61c57fde81915c04b41982f66a159ccc014e799.tar.bz2 linux-d61c57fde81915c04b41982f66a159ccc014e799.zip | |
apparmor: make export of raw binary profile to userspace optional
Embedded systems have limited space and don't need the introspection
or checkpoint restore capability provided by exporting the raw
profile binary data so make it so make it a config option.
This will reduce run time memory use and also speed up policy loads.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lsm.c')
| -rw-r--r-- | security/apparmor/lsm.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 2654bcb5f462..84a4e63d922d 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1357,6 +1357,12 @@ bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); #endif +/* whether policy exactly as loaded is retained for debug and checkpointing */ +bool aa_g_export_binary = IS_ENABLED(CONFIG_SECURITY_APPARMOR_EXPORT_BINARY); +#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY +module_param_named(export_binary, aa_g_export_binary, aabool, 0600); +#endif + /* policy loaddata compression level */ int aa_g_rawdata_compression_level = Z_DEFAULT_COMPRESSION; module_param_named(rawdata_compression_level, aa_g_rawdata_compression_level, |