1 ======== 2 AppArmor 3 ======== 4 5 What is AppArmor? 6 ================= 7 8 AppArmor is MAC style security extension for the Linux kernel. It implements 9 a task centered policy, with task "profiles" being created and loaded 10 from user space. Tasks on the system that do not have a profile defined for 11 them run in an unconfined state which is equivalent to standard Linux DAC 12 permissions. 13 14 How to enable/disable 15 ===================== 16 17 set ``CONFIG_SECURITY_APPARMOR=y`` 18 19 If AppArmor should be selected as the default security module then set:: 20 21 CONFIG_DEFAULT_SECURITY="apparmor" 22 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 23 24 Build the kernel 25 26 If AppArmor is not the default security module it can be enabled by passing 27 ``security=apparmor`` on the kernel's command line. 28 29 If AppArmor is the default security module it can be disabled by passing 30 ``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the 31 kernel's command line. 32 33 For AppArmor to enforce any restrictions beyond standard Linux DAC permissions 34 policy must be loaded into the kernel from user space (see the Documentation 35 and tools links). 36 37 Documentation 38 ============= 39 40 Documentation can be found on the wiki, linked below. 41 42 Links 43 ===== 44 45 Mailing List - apparmor@lists.ubuntu.com 46 47 Wiki - http://wiki.apparmor.net 48 49 User space tools - https://gitlab.com/apparmor 50 51 Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.