John Johansen | c1c124e | 2010-07-29 14:48:09 -0700

--- What is AppArmor? ---

AppArmor is a MAC-style security extension for the Linux kernel. It implements
a task-centered policy, with task "profiles" being created and loaded
from user space. Tasks on the system that do not have a profile defined for
them run in an unconfined state, which is equivalent to standard Linux DAC
permissions.

--- How to enable/disable ---

set CONFIG_SECURITY_APPARMOR=y

If AppArmor should be selected as the default security module then
set CONFIG_DEFAULT_SECURITY="apparmor"
and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

Build the kernel

If AppArmor is not the default security module it can be enabled by passing
security=apparmor on the kernel's command line.

If AppArmor is the default security module it can be disabled by passing
apparmor=0, security=XXXX (where XXXX is a valid security module), on the
kernel's command line.

For AppArmor to enforce any restrictions beyond standard Linux DAC permissions,
policy must be loaded into the kernel from user space (see the Documentation
and tools links).
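
The rules above can be checked mechanically before a reboot. The following shell
sketch is an added example, not part of the kernel tree; its function names and
sample inputs are constructed, and it assumes that security= on the command line
overrides CONFIG_DEFAULT_SECURITY and that apparmor=0|1 overrides
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE.

```shell
# Added example, not kernel code. Assumptions: security= overrides
# CONFIG_DEFAULT_SECURITY and apparmor=0|1 overrides
# CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE.

# cfg_value CONFIG_TEXT KEY: print KEY's value from .config text, quotes stripped.
cfg_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1 | tr -d '"'
}

# cmdline_value CMDLINE KEY: print the value of the last KEY=... argument.
# Runs in a subshell so set -f (no globbing) and variables stay local.
cmdline_value() (
    set -f
    val=""
    for arg in $1; do
        case "$arg" in
            "$2"=*) val=${arg#*=} ;;
        esac
    done
    printf '%s' "$val"
)

# apparmor_boot_state CONFIG_TEXT CMDLINE
# Prints not-built, disabled, not-selected or active. "active" only means the
# module is in charge; without loaded policy every task is still unconfined.
apparmor_boot_state() {
    [ "$(cfg_value "$1" CONFIG_SECURITY_APPARMOR)" = y ] || { echo not-built; return 0; }
    enabled=$(cmdline_value "$2" apparmor)
    [ -n "$enabled" ] || enabled=$(cfg_value "$1" CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE)
    module=$(cmdline_value "$2" security)
    [ -n "$module" ] || module=$(cfg_value "$1" CONFIG_DEFAULT_SECURITY)
    if [ "$enabled" != 1 ]; then echo disabled
    elif [ "$module" != apparmor ]; then echo not-selected
    else echo active
    fi
}

# Constructed sample configs: AppArmor as default module, and as non-default.
CFG_DEFAULT='CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY="apparmor"'
CFG_OTHER='CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY="selinux"'

apparmor_boot_state "$CFG_DEFAULT" "root=/dev/sda1 ro"               # active
apparmor_boot_state "$CFG_DEFAULT" "ro apparmor=0 security=selinux"  # disabled
apparmor_boot_state "$CFG_OTHER" "ro"                                # not-selected
apparmor_boot_state "$CFG_OTHER" "ro security=apparmor"              # active
```

On a running system the second argument can be the contents of /proc/cmdline,
with the first taken from the .config the kernel was built from.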

--- Documentation ---

Documentation can be found on the wiki.

--- Links ---

Mailing List - apparmor@lists.ubuntu.com
Wiki - http://apparmor.wiki.kernel.org/
User space tools - https://launchpad.net/apparmor
Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git