projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: abfb9c0) | patch
apparmor: Enable tuning of policy paranoid load for embedded systems
authorJohn Johansen <john.johansen@canonical.com>
Wed, 3 Feb 2021 09:35:12 +0000 (01:35 -0800)
committerJohn Johansen <john.johansen@canonical.com>
Wed, 29 Dec 2021 01:23:58 +0000 (17:23 -0800)
commitfda01a1f8d07bf326c8f51da9e10742d5d3a802f
treed08424b2c9947e4e00243cd7d774db37951dc016tree
parentabfb9c0725f274c75ca2a51684c2dd842a8dc254commit | diff
apparmor: Enable tuning of policy paranoid load for embedded systems

AppArmor by default does an extensive check on loaded policy that
can take quite some time on limited resource systems. Allow
disabling this check for embedded systems where system images are
readonly and have checksumming making the need for the embedded
policy to be fully checked to be redundant.

Note: basic policy checks are still done.

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/Kconfig diff | blob | blame | history
security/apparmor/lsm.c diff | blob | blame | history
security/apparmor/policy_unpack.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)