mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-01 10:42:11 +00:00
AppArmor: update Maintainer and Documentation
Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
898127c34e
commit
c1c124e91e
39
Documentation/apparmor.txt
Normal file
39
Documentation/apparmor.txt
Normal file
@ -0,0 +1,39 @@
|
||||
--- What is AppArmor? ---
|
||||
|
||||
AppArmor is MAC style security extension for the Linux kernel. It implements
|
||||
a task centered policy, with task "profiles" being created and loaded
|
||||
from user space. Tasks on the system that do not have a profile defined for
|
||||
them run in an unconfined state which is equivalent to standard Linux DAC
|
||||
permissions.
|
||||
|
||||
--- How to enable/disable ---
|
||||
|
||||
set CONFIG_SECURITY_APPARMOR=y
|
||||
|
||||
If AppArmor should be selected as the default security module then
|
||||
set CONFIG_DEFAULT_SECURITY="apparmor"
|
||||
and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
|
||||
|
||||
Build the kernel
|
||||
|
||||
If AppArmor is not the default security module it can be enabled by passing
|
||||
security=apparmor on the kernel's command line.
|
||||
|
||||
If AppArmor is the default security module it can be disabled by passing
|
||||
apparmor=0, security=XXXX (where XXX is valid security module), on the
|
||||
kernel's command line
|
||||
|
||||
For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
|
||||
policy must be loaded into the kernel from user space (see the Documentation
|
||||
and tools links).
|
||||
|
||||
--- Documentation ---
|
||||
|
||||
Documentation can be found on the wiki.
|
||||
|
||||
--- Links ---
|
||||
|
||||
Mailing List - apparmor@lists.ubuntu.com
|
||||
Wiki - http://apparmor.wiki.kernel.org/
|
||||
User space tools - https://launchpad.net/apparmor
|
||||
Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
|
@ -93,6 +93,7 @@ parameter is applicable:
|
||||
Documentation/scsi/.
|
||||
SECURITY Different security models are enabled.
|
||||
SELINUX SELinux support is enabled.
|
||||
APPARMOR AppArmor support is enabled.
|
||||
SERIAL Serial support is enabled.
|
||||
SH SuperH architecture is enabled.
|
||||
SMP The kernel is an SMP kernel.
|
||||
@ -2312,6 +2313,13 @@ and is between 256 and 4096 characters. It is defined in the file
|
||||
If enabled at boot time, /selinux/disable can be used
|
||||
later to disable prior to initial policy load.
|
||||
|
||||
apparmor= [APPARMOR] Disable or enable AppArmor at boot time
|
||||
Format: { "0" | "1" }
|
||||
See security/apparmor/Kconfig help text
|
||||
0 -- disable.
|
||||
1 -- enable.
|
||||
Default value is set via kernel config option.
|
||||
|
||||
serialnumber [BUGS=X86-32]
|
||||
|
||||
shapers= [NET]
|
||||
|
@ -5061,6 +5061,14 @@ S: Supported
|
||||
F: include/linux/selinux*
|
||||
F: security/selinux/
|
||||
|
||||
APPARMOR SECURITY MODULE
|
||||
M: John Johansen <john.johansen@canonical.com>
|
||||
L: apparmor@lists.ubuntu.com (subscribers-only, general discussion)
|
||||
W: apparmor.wiki.kernel.org
|
||||
T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
|
||||
S: Supported
|
||||
F: security/apparmor/
|
||||
|
||||
SENSABLE PHANTOM
|
||||
M: Jiri Slaby <jirislaby@gmail.com>
|
||||
S: Maintained
|
||||
|
Loading…
Reference in New Issue
Block a user