Commit c1c124e91e7c6d5a600c98f6fb5b443c403a14f4
Committed by James Morris
1 parent 898127c34e
Exists in master and in 20 other branches
AppArmor: update Maintainer and Documentation
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
Showing 3 changed files with 55 additions and 0 deletions
Documentation/apparmor.txt
1 | +--- What is AppArmor? --- | |
2 | + | |
3 | +AppArmor is MAC style security extension for the Linux kernel. It implements | |
4 | +a task centered policy, with task "profiles" being created and loaded | |
5 | +from user space. Tasks on the system that do not have a profile defined for | |
6 | +them run in an unconfined state which is equivalent to standard Linux DAC | |
7 | +permissions. | |
8 | + | |
9 | +--- How to enable/disable --- | |
10 | + | |
11 | +set CONFIG_SECURITY_APPARMOR=y | |
12 | + | |
13 | +If AppArmor should be selected as the default security module then | |
14 | + set CONFIG_DEFAULT_SECURITY="apparmor" | |
15 | + and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 | |
16 | + | |
17 | +Build the kernel | |
18 | + | |
19 | +If AppArmor is not the default security module it can be enabled by passing | |
20 | +security=apparmor on the kernel's command line. | |
21 | + | |
22 | +If AppArmor is the default security module it can be disabled by passing | |
23 | +apparmor=0, security=XXXX (where XXX is valid security module), on the | |
24 | +kernel's command line | |
25 | + | |
26 | +For AppArmor to enforce any restrictions beyond standard Linux DAC permissions | |
27 | +policy must be loaded into the kernel from user space (see the Documentation | |
28 | +and tools links). | |
29 | + | |
30 | +--- Documentation --- | |
31 | + | |
32 | +Documentation can be found on the wiki. | |
33 | + | |
34 | +--- Links --- | |
35 | + | |
36 | +Mailing List - apparmor@lists.ubuntu.com | |
37 | +Wiki - http://apparmor.wiki.kernel.org/ | |
38 | +User space tools - https://launchpad.net/apparmor | |
39 | +Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git |
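Review bot: The disable instructions at lines 22-24 of the new Documentation/apparmor.txt are ambiguous: "apparmor=0, security=XXXX (where XXX is valid security module)" does not say whether both parameters are needed or either one is enough, and the placeholder is spelled XXXX in one place and XXX in the other. Suggest listing the two parameters as separate, explicitly joined alternatives or requirements, using a single placeholder, and ending the sentence with a period. Line 3 is also missing an article ("AppArmor is a MAC style security extension"), and the "Documentation" section at line 32 would be more useful if it repeated the wiki URL given under "Links" instead of only saying "the wiki".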
Documentation/kernel-parameters.txt
... | ... | @@ -93,6 +93,7 @@ |
93 | 93 | Documentation/scsi/. |
94 | 94 | SECURITY Different security models are enabled. |
95 | 95 | SELINUX SELinux support is enabled. |
96 | + APPARMOR AppArmor support is enabled. | |
96 | 97 | SERIAL Serial support is enabled. |
97 | 98 | SH SuperH architecture is enabled. |
98 | 99 | SMP The kernel is an SMP kernel. |
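Review bot: The APPARMOR tag is inserted between SELINUX and SERIAL, which breaks the alphabetical order that the visible neighbours follow (SECURITY, SELINUX, SERIAL, SH, SMP). If the placement is meant to group it with the other security module, note that in the commit message; otherwise move the line to its alphabetical position in the list.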
... | ... | @@ -2311,6 +2312,13 @@ |
2311 | 2312 | Default value is set via kernel config option. |
2312 | 2313 | If enabled at boot time, /selinux/disable can be used |
2313 | 2314 | later to disable prior to initial policy load. |
2315 | + | |
2316 | + apparmor= [APPARMOR] Disable or enable AppArmor at boot time | |
2317 | + Format: { "0" | "1" } | |
2318 | + See security/apparmor/Kconfig help text | |
2319 | + 0 -- disable. | |
2320 | + 1 -- enable. | |
2321 | + Default value is set via kernel config option. | |
2314 | 2322 | |
2315 | 2323 | serialnumber [BUGS=X86-32] |
2316 | 2324 |
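Review bot: In the new apparmor= entry, "Default value is set via kernel config option" does not name the option, although Documentation/apparmor.txt, added by this same commit, names CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE. Suggest naming it here and pointing to Documentation/apparmor.txt next to the Kconfig reference, and mentioning security=apparmor, which that file describes as the way to enable AppArmor when it is not the default module. The entry is also placed between the selinux= text and serialnumber, out of alphabetical order with its visible neighbours.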
MAINTAINERS
... | ... | @@ -5061,6 +5061,14 @@ |
5061 | 5061 | F: include/linux/selinux* |
5062 | 5062 | F: security/selinux/ |
5063 | 5063 | |
5064 | +APPARMOR SECURITY MODULE | |
5065 | +M: John Johansen <john.johansen@canonical.com> | |
5066 | +L: apparmor@lists.ubuntu.com (subscribers-only, general discussion) | |
5067 | +W: apparmor.wiki.kernel.org | |
5068 | +T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git | |
5069 | +S: Supported | |
5070 | +F: security/apparmor/ | |
5071 | + | |
5064 | 5072 | SENSABLE PHANTOM |
5065 | 5073 | M: Jiri Slaby <jirislaby@gmail.com> |
5066 | 5074 | S: Maintained |
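Review bot: The F: pattern in the new APPARMOR SECURITY MODULE entry covers only security/apparmor/, so Documentation/apparmor.txt, added by this same commit, has no listed maintainer; suggest adding "F: Documentation/apparmor.txt". The W: value has no scheme, while the documentation file gives it as http://apparmor.wiki.kernel.org/, so the two should match. The entry is also inserted after the SELinux F: lines and before SENSABLE PHANTOM rather than at its alphabetical position.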