Merge tag 'iio-for-4.9a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio...

[cascardo/linux.git] / security / apparmor / Kconfig

diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 232469b..be5e941 100644 (file)
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -31,13 +31,26 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE
          If you are unsure how to answer this question, answer 1.
 
 config SECURITY_APPARMOR_HASH
-       bool "SHA1 hash of loaded profiles"
+       bool "Enable introspection of sha1 hashes for loaded profiles"
        depends on SECURITY_APPARMOR
        select CRYPTO
        select CRYPTO_SHA1
        default y
 
        help
-         This option selects whether sha1 hashing is done against loaded
-          profiles and exported for inspection to user space via the apparmor
-          filesystem.
+         This option selects whether introspection of loaded policy
+         is available to userspace via the apparmor filesystem.
+
+config SECURITY_APPARMOR_HASH_DEFAULT
+       bool "Enable policy hash introspection by default"
+       depends on SECURITY_APPARMOR_HASH
+       default y
+
+       help
+         This option selects whether sha1 hashing of loaded policy
+        is enabled by default. The generation of sha1 hashes for
+        loaded policy provide system administrators a quick way
+        to verify that policy in the kernel matches what is expected,
+        however it can slow down policy load on some devices. In
+        these cases policy hashing can be disabled by default and
+        enabled only if needed.