1======== 2AppArmor 3======== 4 5What is AppArmor? 6================= 7 8AppArmor is MAC style security extension for the Linux kernel. It implements 9a task centered policy, with task "profiles" being created and loaded 10from user space. Tasks on the system that do not have a profile defined for 11them run in an unconfined state which is equivalent to standard Linux DAC 12permissions. 13 14How to enable/disable 15===================== 16 17set ``CONFIG_SECURITY_APPARMOR=y`` 18 19If AppArmor should be selected as the default security module then set:: 20 21 CONFIG_DEFAULT_SECURITY_APPARMOR=y 22 23The CONFIG_LSM parameter manages the order and selection of LSMs. 24Specify apparmor as the first "major" module (e.g. AppArmor, SELinux, Smack) 25in the list. 26 27Build the kernel 28 29If AppArmor is not the default security module it can be enabled by passing 30``security=apparmor`` on the kernel's command line. 31 32If AppArmor is the default security module it can be disabled by passing 33``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the 34kernel's command line. 35 36For AppArmor to enforce any restrictions beyond standard Linux DAC permissions 37policy must be loaded into the kernel from user space (see the Documentation 38and tools links). 39 40Documentation 41============= 42 43Documentation can be found on the wiki, linked below. 44 45Links 46===== 47 48Mailing List - apparmor@lists.ubuntu.com 49 50Wiki - http://wiki.apparmor.net 51 52User space tools - https://gitlab.com/apparmor 53 54Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor 55