diff options
| author | Kees Cook <keescook@chromium.org> | 2017-05-13 04:51:45 -0700 |
|---|---|---|
| committer | Jonathan Corbet <corbet@lwn.net> | 2017-05-18 10:32:38 -0600 |
| commit | 26fccd9ed2e283add2849858c28bd14f84d9c48e (patch) | |
| tree | 4323d0eaf0687281391e76820ea59b28165858f7 /Documentation/admin-guide | |
| parent | 229fd05c565eb931aa7c59c9d740e2047701a4ad (diff) | |
doc: ReSTify apparmor.txt
Adjusts for ReST markup and moves under LSM admin guide.
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Diffstat (limited to 'Documentation/admin-guide')
| -rw-r--r-- | Documentation/admin-guide/LSM/apparmor.rst | 51 | ||||
| -rw-r--r-- | Documentation/admin-guide/LSM/index.rst | 1 |
2 files changed, 52 insertions, 0 deletions
diff --git a/Documentation/admin-guide/LSM/apparmor.rst b/Documentation/admin-guide/LSM/apparmor.rst new file mode 100644 index 000000000000..3e9734bd0e05 --- /dev/null +++ b/Documentation/admin-guide/LSM/apparmor.rst @@ -0,0 +1,51 @@ +======== +AppArmor +======== + +What is AppArmor? +================= + +AppArmor is MAC style security extension for the Linux kernel. It implements +a task centered policy, with task "profiles" being created and loaded +from user space. Tasks on the system that do not have a profile defined for +them run in an unconfined state which is equivalent to standard Linux DAC +permissions. + +How to enable/disable +===================== + +set ``CONFIG_SECURITY_APPARMOR=y`` + +If AppArmor should be selected as the default security module then set:: + + CONFIG_DEFAULT_SECURITY="apparmor" + CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 + +Build the kernel + +If AppArmor is not the default security module it can be enabled by passing +``security=apparmor`` on the kernel's command line. + +If AppArmor is the default security module it can be disabled by passing +``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the +kernel's command line. + +For AppArmor to enforce any restrictions beyond standard Linux DAC permissions +policy must be loaded into the kernel from user space (see the Documentation +and tools links). + +Documentation +============= + +Documentation can be found on the wiki, linked below. + +Links +===== + +Mailing List - apparmor@lists.ubuntu.com + +Wiki - http://apparmor.wiki.kernel.org/ + +User space tools - https://launchpad.net/apparmor + +Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst index cc0e04d63bf9..a4db29410ea0 100644 --- a/Documentation/admin-guide/LSM/index.rst +++ b/Documentation/admin-guide/LSM/index.rst @@ -33,4 +33,5 @@ the one "major" module (e.g. SELinux) if there is one configured. .. toctree:: :maxdepth: 1 + apparmor SELinux |