========
AppArmor
========

What is AppArmor?
=================

AppArmor is a MAC-style security extension for the Linux kernel. It implements
a task-centered policy, with task "profiles" being created and loaded
from user space. Tasks on the system that do not have a profile defined for
them run in an unconfined state, which is equivalent to standard Linux DAC
permissions.

How to enable/disable
=====================

Set ``CONFIG_SECURITY_APPARMOR=y``

If AppArmor should be selected as the default security module then set::

   CONFIG_DEFAULT_SECURITY="apparmor"
   CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

Build the kernel.

If AppArmor is not the default security module it can be enabled by passing
``security=apparmor`` on the kernel's command line.

If AppArmor is the default security module it can be disabled by passing
``apparmor=0, security=XXXX`` (where ``XXXX`` is a valid security module) on the
kernel's command line.

For AppArmor to enforce any restrictions beyond standard Linux DAC permissions,
policy must be loaded into the kernel from user space (see the Documentation
and tools links).
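
The enable/disable rules above, as an added shell example that is not part of the original document or of the AppArmor project's code: given the text of a kernel ``.config`` and a kernel command line, it reports whether AppArmor would be the active security module. The function names and the sample config (including its ``selinux`` default) are constructed for illustration, and the example assumes that both the ``security=`` selection and the ``apparmor=`` flag must point at AppArmor, handling only the 0/1 flag values used on this page.

```shell
#!/bin/sh
# Added example, not kernel or AppArmor project code; function names are hypothetical.
# Assumed model: active = built in AND selected security module AND enable flag is 1.

# cfg_value CONFIG_TEXT KEY: print KEY's value from .config text, quotes stripped.
cfg_value() {
    printf '%s\n' "$1" |
        sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" | tail -n 1
}

# cmdline_value CMDLINE KEY: print the last KEY=value given on the command line.
# Runs in a subshell so that disabling globbing does not leak to the caller.
cmdline_value() (
    set -f
    val=""
    for word in $1; do
        case "$word" in
            "$2="*) val=${word#*=} ;;
        esac
    done
    printf '%s\n' "$val"
)

# apparmor_boot_state CONFIG_TEXT CMDLINE: print not-built, enabled or disabled.
apparmor_boot_state() {
    if [ "$(cfg_value "$1" CONFIG_SECURITY_APPARMOR)" != "y" ]; then
        echo "not-built"
        return 0
    fi
    # security= on the command line overrides CONFIG_DEFAULT_SECURITY.
    selected=$(cmdline_value "$2" security)
    [ -n "$selected" ] || selected=$(cfg_value "$1" CONFIG_DEFAULT_SECURITY)
    # apparmor= on the command line overrides the BOOTPARAM_VALUE default.
    flag=$(cmdline_value "$2" apparmor)
    [ -n "$flag" ] || flag=$(cfg_value "$1" CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE)
    if [ "$selected" = "apparmor" ] && [ "$flag" = "1" ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Constructed sample .config fragment: AppArmor built, but not the default module.
SAMPLE_CONFIG='CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY="selinux"'

apparmor_boot_state "$SAMPLE_CONFIG" "ro quiet"
apparmor_boot_state "$SAMPLE_CONFIG" "ro quiet security=apparmor"
```

An "enabled" result only means the module will be active; as the paragraph above states, nothing beyond DAC is enforced until policy is loaded from user space.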

Documentation
=============

Documentation can be found on the wiki, linked below.

Links
=====

Mailing List - apparmor@lists.ubuntu.com

Wiki - http://wiki.apparmor.net

User space tools - https://gitlab.com/apparmor

Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor