52 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			52 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| ========
 | |
| AppArmor
 | |
| ========
 | |
| 
 | |
| What is AppArmor?
 | |
| =================
 | |
| 
 | |
| AppArmor is MAC style security extension for the Linux kernel.  It implements
 | |
| a task centered policy, with task "profiles" being created and loaded
 | |
| from user space.  Tasks on the system that do not have a profile defined for
 | |
| them run in an unconfined state which is equivalent to standard Linux DAC
 | |
| permissions.
 | |
| 
 | |
| How to enable/disable
 | |
| =====================
 | |
| 
 | |
| set ``CONFIG_SECURITY_APPARMOR=y``
 | |
| 
 | |
| If AppArmor should be selected as the default security module then set::
 | |
| 
 | |
|    CONFIG_DEFAULT_SECURITY="apparmor"
 | |
|    CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
 | |
| 
 | |
| Build the kernel
 | |
| 
 | |
| If AppArmor is not the default security module it can be enabled by passing
 | |
| ``security=apparmor`` on the kernel's command line.
 | |
| 
 | |
| If AppArmor is the default security module it can be disabled by passing
 | |
| ``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the
 | |
| kernel's command line.
 | |
| 
 | |
| For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
 | |
| policy must be loaded into the kernel from user space (see the Documentation
 | |
| and tools links).
 | |
| 
 | |
| Documentation
 | |
| =============
 | |
| 
 | |
| Documentation can be found on the wiki, linked below.
 | |
| 
 | |
| Links
 | |
| =====
 | |
| 
 | |
| Mailing List - apparmor@lists.ubuntu.com
 | |
| 
 | |
| Wiki - http://wiki.apparmor.net
 | |
| 
 | |
| User space tools - https://gitlab.com/apparmor
 | |
| 
 | |
| Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
 |