.. git blame: all lines ^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300)

========
AppArmor
========

What is AppArmor?
=================

AppArmor is a MAC-style security extension for the Linux kernel. It implements
a task-centered policy, with task "profiles" being created and loaded
from user space. Tasks on the system that do not have a profile defined for
them run in an unconfined state, which is equivalent to standard Linux DAC
permissions.

How to enable/disable
=====================

Set ``CONFIG_SECURITY_APPARMOR=y``.

If AppArmor should be selected as the default security module, then set::

    CONFIG_DEFAULT_SECURITY="apparmor"
    CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

Build the kernel.

If AppArmor is not the default security module, it can be enabled by passing
``security=apparmor`` on the kernel's command line.

If AppArmor is the default security module, it can be disabled by passing
``apparmor=0, security=XXXX`` (where ``XXXX`` is a valid security module) on the
kernel's command line.

For AppArmor to enforce any restrictions beyond standard Linux DAC permissions,
policy must be loaded into the kernel from user space (see the Documentation
and tools links).
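
The build options and command-line parameters above can be checked together before rebooting. The shell script below is an added example, not part of the kernel documentation: the function names and the sample ``.config`` are constructed, and it assumes AppArmor is active only when it is both the selected security module and its enable flag is 1.

```shell
#!/bin/sh
# Added example: predict AppArmor's boot state from a kernel .config and a
# kernel command line, using only the switches described in this document.
# Assumption: AppArmor is active only when it is the selected security
# module AND its enable flag (build default or apparmor=N) is 1.

# cfg_value FILE KEY -> value of KEY in FILE, surrounding quotes removed
cfg_value() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$1" | tail -n 1
}

# apparmor_boot_state CONFIG_FILE "CMDLINE"
# prints one of: not-built | active | disabled | other-lsm:<name>
apparmor_boot_state() {
    [ "$(cfg_value "$1" CONFIG_SECURITY_APPARMOR)" = "y" ] || { echo not-built; return; }
    # Build-time defaults
    selected=$(cfg_value "$1" CONFIG_DEFAULT_SECURITY)
    enabled=$(cfg_value "$1" CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE)
    # Command-line parameters are whitespace separated and override the
    # build-time defaults; a later occurrence replaces an earlier one.
    for tok in $2; do
        case $tok in
            security=*) selected=${tok#security=} ;;
            apparmor=*) enabled=${tok#apparmor=} ;;
        esac
    done
    if [ "$selected" != "apparmor" ]; then
        echo "other-lsm:${selected:-none}"
    elif [ "$enabled" = "1" ]; then
        echo active
    else
        echo disabled
    fi
}

# Constructed sample .config: AppArmor built in, but not the default module.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY="selinux"
EOF
apparmor_boot_state "$sample_cfg" "ro quiet"
apparmor_boot_state "$sample_cfg" "ro quiet security=apparmor"
```

On a running system the second argument can be ``"$(cat /proc/cmdline)"``; where a distribution ships the build configuration, it is often found at ``/boot/config-$(uname -r)``.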

Documentation
=============

Documentation can be found on the wiki, linked below.

Links
=====

Mailing List - apparmor@lists.ubuntu.com

Wiki - http://wiki.apparmor.net

User space tools - https://gitlab.com/apparmor

Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor