Commit c1c124e91e7c6d5a600c98f6fb5b443c403a14f4
Committed by
James Morris
James Morris
1 parent
898127c34e
Exists in
master
and in
20 other branches
AppArmor: update Maintainer and Documentation
Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 3 changed files with 55 additions and 0 deletions Side-by-side Diff
Documentation/apparmor.txt
| 1 | +--- What is AppArmor? --- | |
| 2 | + | |
| 3 | +AppArmor is MAC style security extension for the Linux kernel. It implements | |
| 4 | +a task centered policy, with task "profiles" being created and loaded | |
| 5 | +from user space. Tasks on the system that do not have a profile defined for | |
| 6 | +them run in an unconfined state which is equivalent to standard Linux DAC | |
| 7 | +permissions. | |
| 8 | + | |
| 9 | +--- How to enable/disable --- | |
| 10 | + | |
| 11 | +set CONFIG_SECURITY_APPARMOR=y | |
| 12 | + | |
| 13 | +If AppArmor should be selected as the default security module then | |
| 14 | + set CONFIG_DEFAULT_SECURITY="apparmor" | |
| 15 | + and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 | |
| 16 | + | |
| 17 | +Build the kernel | |
| 18 | + | |
| 19 | +If AppArmor is not the default security module it can be enabled by passing | |
| 20 | +security=apparmor on the kernel's command line. | |
| 21 | + | |
| 22 | +If AppArmor is the default security module it can be disabled by passing | |
| 23 | +apparmor=0, security=XXXX (where XXX is valid security module), on the | |
| 24 | +kernel's command line | |
| 25 | + | |
| 26 | +For AppArmor to enforce any restrictions beyond standard Linux DAC permissions | |
| 27 | +policy must be loaded into the kernel from user space (see the Documentation | |
| 28 | +and tools links). | |
| 29 | + | |
| 30 | +--- Documentation --- | |
| 31 | + | |
| 32 | +Documentation can be found on the wiki. | |
| 33 | + | |
| 34 | +--- Links --- | |
| 35 | + | |
| 36 | +Mailing List - apparmor@lists.ubuntu.com | |
| 37 | +Wiki - http://apparmor.wiki.kernel.org/ | |
| 38 | +User space tools - https://launchpad.net/apparmor | |
| 39 | +Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git |
Documentation/kernel-parameters.txt
| ... | ... | @@ -93,6 +93,7 @@ |
| 93 | 93 | Documentation/scsi/. |
| 94 | 94 | SECURITY Different security models are enabled. |
| 95 | 95 | SELINUX SELinux support is enabled. |
| 96 | + APPARMOR AppArmor support is enabled. | |
| 96 | 97 | SERIAL Serial support is enabled. |
| 97 | 98 | SH SuperH architecture is enabled. |
| 98 | 99 | SMP The kernel is an SMP kernel. |
| ... | ... | @@ -2311,6 +2312,13 @@ |
| 2311 | 2312 | Default value is set via kernel config option. |
| 2312 | 2313 | If enabled at boot time, /selinux/disable can be used |
| 2313 | 2314 | later to disable prior to initial policy load. |
| 2315 | + | |
| 2316 | + apparmor= [APPARMOR] Disable or enable AppArmor at boot time | |
| 2317 | + Format: { "0" | "1" } | |
| 2318 | + See security/apparmor/Kconfig help text | |
| 2319 | + 0 -- disable. | |
| 2320 | + 1 -- enable. | |
| 2321 | + Default value is set via kernel config option. | |
| 2314 | 2322 | |
| 2315 | 2323 | serialnumber [BUGS=X86-32] |
| 2316 | 2324 |
MAINTAINERS
| ... | ... | @@ -5061,6 +5061,14 @@ |
| 5061 | 5061 | F: include/linux/selinux* |
| 5062 | 5062 | F: security/selinux/ |
| 5063 | 5063 | |
| 5064 | +APPARMOR SECURITY MODULE | |
| 5065 | +M: John Johansen <john.johansen@canonical.com> | |
| 5066 | +L: apparmor@lists.ubuntu.com (subscribers-only, general discussion) | |
| 5067 | +W: apparmor.wiki.kernel.org | |
| 5068 | +T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git | |
| 5069 | +S: Supported | |
| 5070 | +F: security/apparmor/ | |
| 5071 | + | |
| 5064 | 5072 | SENSABLE PHANTOM |
| 5065 | 5073 | M: Jiri Slaby <jirislaby@gmail.com> |
| 5066 | 5074 | S: Maintained |