========
AppArmor
========

What is AppArmor?
=================

AppArmor is a MAC-style security extension for the Linux kernel. It implements
a task-centered policy, with task "profiles" being created and loaded
from user space. Tasks on the system that do not have a profile defined for
them run in an unconfined state, which is equivalent to standard Linux DAC
permissions.

How to enable/disable
=====================

Set ``CONFIG_SECURITY_APPARMOR=y``

If AppArmor should be selected as the default security module then set::

   CONFIG_DEFAULT_SECURITY="apparmor"
   CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

Build the kernel.

If AppArmor is not the default security module it can be enabled by passing
``security=apparmor`` on the kernel's command line.

If AppArmor is the default security module it can be disabled by passing
``apparmor=0, security=XXXX`` (where ``XXXX`` is a valid security module) on the
kernel's command line.

For AppArmor to enforce any restrictions beyond standard Linux DAC permissions,
policy must be loaded into the kernel from user space (see the Documentation
and tools links).
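
The enable/disable rules in this section, written out as a shell check over a kernel ``.config`` and a boot command line. This is an added example, not part of the kernel documentation: the helper names and sample inputs are constructed, and only the options named above are modelled.

```shell
# Added example, not kernel code: encodes only the rules stated above.
# cfg_value, cmdline_value, apparmor_boot_decision are hypothetical names.

# Print the value of option $2 in kernel .config text $1, quotes stripped.
cfg_value() (
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1 | tr -d '"'
)

# Print the last value given for parameter $2 on kernel command line $1.
cmdline_value() (
    set -f; val=
    for tok in $1; do
        case $tok in "$2"=*) val=${tok#*=} ;; esac
    done
    printf '%s\n' "$val"
)

# Print not-built, enabled or disabled for .config text $1, command line $2.
apparmor_boot_decision() (
    sec=$(cmdline_value "$2" security)
    if [ "$(cfg_value "$1" CONFIG_SECURITY_APPARMOR)" != y ]; then
        echo not-built
    elif [ "$(cmdline_value "$2" apparmor)" = 0 ]; then
        echo disabled        # apparmor=0 switches the module off
    elif [ -n "$sec" ]; then
        # An explicit security= choice overrides the built-in default.
        if [ "$sec" = apparmor ]; then echo enabled; else echo disabled; fi
    elif [ "$(cfg_value "$1" CONFIG_DEFAULT_SECURITY)" = apparmor ] &&
         [ "$(cfg_value "$1" CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE)" = 1 ]; then
        echo enabled         # built as the default security module
    else
        echo disabled        # built in, but neither default nor requested
    fi
)

# Constructed sample inputs (selinux stands in for "XXXX").
DEFAULT_CFG='CONFIG_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY="apparmor"
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1'
OPTIN_CFG='CONFIG_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY="selinux"'

apparmor_boot_decision "$DEFAULT_CFG" 'root=/dev/sda1 ro quiet'
apparmor_boot_decision "$DEFAULT_CFG" 'ro apparmor=0 security=selinux'
apparmor_boot_decision "$OPTIN_CFG" 'ro security=apparmor'
```

On a running system, ``/sys/module/apparmor/parameters/enabled`` reports the resulting state.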

Documentation
=============

Documentation can be found on the wiki, linked below.

Links
=====

Mailing List - apparmor@lists.ubuntu.com

Wiki - http://wiki.apparmor.net

User space tools - https://gitlab.com/apparmor

Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor