apparmor.rst (1417B)
1======== 2AppArmor 3======== 4 5What is AppArmor? 6================= 7 8AppArmor is MAC style security extension for the Linux kernel. It implements 9a task centered policy, with task "profiles" being created and loaded 10from user space. Tasks on the system that do not have a profile defined for 11them run in an unconfined state which is equivalent to standard Linux DAC 12permissions. 13 14How to enable/disable 15===================== 16 17set ``CONFIG_SECURITY_APPARMOR=y`` 18 19If AppArmor should be selected as the default security module then set:: 20 21 CONFIG_DEFAULT_SECURITY="apparmor" 22 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 23 24Build the kernel 25 26If AppArmor is not the default security module it can be enabled by passing 27``security=apparmor`` on the kernel's command line. 28 29If AppArmor is the default security module it can be disabled by passing 30``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the 31kernel's command line. 32 33For AppArmor to enforce any restrictions beyond standard Linux DAC permissions 34policy must be loaded into the kernel from user space (see the Documentation 35and tools links). 36 37Documentation 38============= 39 40Documentation can be found on the wiki, linked below. 41 42Links 43===== 44 45Mailing List - apparmor@lists.ubuntu.com 46 47Wiki - http://wiki.apparmor.net 48 49User space tools - https://gitlab.com/apparmor 50 51Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor