Formatting of Kconfig files doesn't look so pretty, so let the Great White Handkerchief come around and clean it up.
Signed-off-by: Enrico Weigelt, metux IT consult <[email protected]> --- security/apparmor/Kconfig | 22 +++++++++++----------- security/integrity/Kconfig | 32 ++++++++++++++++---------------- security/integrity/evm/Kconfig | 10 +++++----- 3 files changed, 32 insertions(+), 32 deletions(-) diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig index 3de21f4..d93810d 100644 --- a/security/apparmor/Kconfig +++ b/security/apparmor/Kconfig @@ -25,17 +25,17 @@ config SECURITY_APPARMOR_HASH is available to userspace via the apparmor filesystem. config SECURITY_APPARMOR_HASH_DEFAULT - bool "Enable policy hash introspection by default" - depends on SECURITY_APPARMOR_HASH - default y - help - This option selects whether sha1 hashing of loaded policy - is enabled by default. The generation of sha1 hashes for - loaded policy provide system administrators a quick way - to verify that policy in the kernel matches what is expected, - however it can slow down policy load on some devices. In - these cases policy hashing can be disabled by default and - enabled only if needed. + bool "Enable policy hash introspection by default" + depends on SECURITY_APPARMOR_HASH + default y + help + This option selects whether sha1 hashing of loaded policy + is enabled by default. The generation of sha1 hashes for + loaded policy provide system administrators a quick way + to verify that policy in the kernel matches what is expected, + however it can slow down policy load on some devices. In + these cases policy hashing can be disabled by default and + enabled only if needed. config SECURITY_APPARMOR_DEBUG bool "Build AppArmor with debug code" diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 2ea4ec9..690bc1d 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -33,10 +33,10 @@ config INTEGRITY_ASYMMETRIC_KEYS bool "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE default n - select ASYMMETRIC_KEY_TYPE - select ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select CRYPTO_RSA - select X509_CERTIFICATE_PARSER + select ASYMMETRIC_KEY_TYPE + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select CRYPTO_RSA + select X509_CERTIFICATE_PARSER help This option enables digital signature verification using asymmetric keys. @@ -47,20 +47,20 @@ config INTEGRITY_TRUSTED_KEYRING depends on INTEGRITY_ASYMMETRIC_KEYS default y help - This option requires that all keys added to the .ima and - .evm keyrings be signed by a key on the system trusted - keyring. + This option requires that all keys added to the .ima and + .evm keyrings be signed by a key on the system trusted + keyring. config INTEGRITY_PLATFORM_KEYRING - bool "Provide keyring for platform/firmware trusted keys" - depends on INTEGRITY_ASYMMETRIC_KEYS - depends on SYSTEM_BLACKLIST_KEYRING - depends on EFI - help - Provide a separate, distinct keyring for platform trusted keys, which - the kernel automatically populates during initialization from values - provided by the platform for verifying the kexec'ed kerned image - and, possibly, the initramfs signature. + bool "Provide keyring for platform/firmware trusted keys" + depends on INTEGRITY_ASYMMETRIC_KEYS + depends on SYSTEM_BLACKLIST_KEYRING + depends on EFI + help + Provide a separate, distinct keyring for platform trusted keys, which + the kernel automatically populates during initialization from values + provided by the platform for verifying the kexec'ed kerned image + and, possibly, the initramfs signature. config INTEGRITY_AUDIT bool "Enables integrity auditing support " diff --git a/security/integrity/evm/Kconfig b/security/integrity/evm/Kconfig index 6022185..ab5d9ae 100644 --- a/security/integrity/evm/Kconfig +++ b/security/integrity/evm/Kconfig @@ -59,15 +59,15 @@ config EVM_LOAD_X509 depends on EVM && INTEGRITY_TRUSTED_KEYRING default n help - Load an X509 certificate onto the '.evm' trusted keyring. + Load an X509 certificate onto the '.evm' trusted keyring. - This option enables X509 certificate loading from the kernel - onto the '.evm' trusted keyring. A public key can be used to - verify EVM integrity starting from the 'init' process. + This option enables X509 certificate loading from the kernel + onto the '.evm' trusted keyring. A public key can be used to + verify EVM integrity starting from the 'init' process. config EVM_X509_PATH string "EVM X509 certificate path" depends on EVM_LOAD_X509 default "/etc/keys/x509_evm.der" help - This option defines X509 certificate path. + This option defines X509 certificate path. -- 1.9.1
