--- What is AppArmor? ---

AppArmor is a MAC-style security extension for the Linux kernel.  It implements
a task-centered policy, with task "profiles" being created and loaded
from user space.  Tasks on the system that do not have a profile defined for
them run in an unconfined state, which is equivalent to standard Linux DAC
permissions.

--- How to enable/disable ---

set CONFIG_SECURITY_APPARMOR=y

If AppArmor should be selected as the default security module then
   set CONFIG_DEFAULT_SECURITY="apparmor"
   and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

Build the kernel

If AppArmor is not the default security module, it can be enabled by passing
security=apparmor on the kernel's command line.

If AppArmor is the default security module, it can be disabled by passing
apparmor=0, security=XXXX (where XXXX is a valid security module), on the
kernel's command line.

For AppArmor to enforce any restrictions beyond standard Linux DAC permissions,
policy must be loaded into the kernel from user space (see the Documentation
and tools links).
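
The rules above can be checked before a reboot. The shell function below is an added example, not part of the kernel documentation: it reads a kernel .config and a kernel command line and reports whether AppArmor would be the active security module. The function names and result strings are hypothetical, the sample config is constructed, and the rule that apparmor=1 overrides a compiled-in CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE of 0 is an assumption this page does not state.

```shell
#!/bin/sh
# Added example (not from the kernel tree): predict whether AppArmor will be
# the active security module, given a kernel .config and a command line.

# cfg_value FILE KEY: print KEY's value from a .config, quotes stripped.
cfg_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# cmdline_value CMDLINE KEY: print the last KEY=value given on the command line.
cmdline_value() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# apparmor_boot_state FILE CMDLINE: print active, not-built, disabled
# or other-lsm:NAME (hypothetical result strings).
apparmor_boot_state() {
    if [ "$(cfg_value "$1" CONFIG_SECURITY_APPARMOR)" != y ]; then
        echo not-built; return 0
    fi
    # Compiled-in defaults from the .config ...
    enabled=$(cfg_value "$1" CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE)
    module=$(cfg_value "$1" CONFIG_DEFAULT_SECURITY)
    # ... overridden by the apparmor= and security= boot parameters.
    # Assumption: apparmor=1 re-enables a BOOTPARAM_VALUE=0 build.
    arg=$(cmdline_value "$2" apparmor)
    if [ -n "$arg" ]; then enabled=$arg; fi
    arg=$(cmdline_value "$2" security)
    if [ -n "$arg" ]; then module=$arg; fi
    if [ "$enabled" != 1 ]; then echo disabled
    elif [ "$module" != apparmor ]; then echo "other-lsm:$module"
    else echo active
    fi
}

# Constructed sample: AppArmor built in, but SELinux chosen as the default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY="selinux"
EOF
for cmdline in "ro quiet" "ro quiet security=apparmor" "ro apparmor=0 security=apparmor"; do
    printf '%-34s -> %s\n' "$cmdline" "$(apparmor_boot_state "$sample" "$cmdline")"
done
rm -f "$sample"
```

A result of "active" only means the module is selected; tasks stay unconfined until policy is loaded from user space.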

--- Documentation ---

Documentation can be found on the wiki.

--- Links ---

Mailing List - apparmor@lists.ubuntu.com
Wiki - http://apparmor.wiki.kernel.org/
User space tools - https://launchpad.net/apparmor
Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git