forked from Minki/linux
doc: ReSTify apparmor.txt
Adjusts for ReST markup and moves under LSM admin guide. Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
This commit is contained in:
parent
229fd05c56
commit
26fccd9ed2
@ -1,4 +1,9 @@
|
||||
--- What is AppArmor? ---
|
||||
========
|
||||
AppArmor
|
||||
========
|
||||
|
||||
What is AppArmor?
|
||||
=================
|
||||
|
||||
AppArmor is MAC style security extension for the Linux kernel. It implements
|
||||
a task centered policy, with task "profiles" being created and loaded
|
||||
@ -6,34 +11,41 @@ from user space. Tasks on the system that do not have a profile defined for
|
||||
them run in an unconfined state which is equivalent to standard Linux DAC
|
||||
permissions.
|
||||
|
||||
--- How to enable/disable ---
|
||||
How to enable/disable
|
||||
=====================
|
||||
|
||||
set CONFIG_SECURITY_APPARMOR=y
|
||||
set ``CONFIG_SECURITY_APPARMOR=y``
|
||||
|
||||
If AppArmor should be selected as the default security module then
|
||||
set CONFIG_DEFAULT_SECURITY="apparmor"
|
||||
and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
|
||||
If AppArmor should be selected as the default security module then set::
|
||||
|
||||
CONFIG_DEFAULT_SECURITY="apparmor"
|
||||
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
|
||||
|
||||
Build the kernel
|
||||
|
||||
If AppArmor is not the default security module it can be enabled by passing
|
||||
security=apparmor on the kernel's command line.
|
||||
``security=apparmor`` on the kernel's command line.
|
||||
|
||||
If AppArmor is the default security module it can be disabled by passing
|
||||
apparmor=0, security=XXXX (where XXX is valid security module), on the
|
||||
kernel's command line
|
||||
``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the
|
||||
kernel's command line.
|
||||
|
||||
For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
|
||||
policy must be loaded into the kernel from user space (see the Documentation
|
||||
and tools links).
|
||||
|
||||
--- Documentation ---
|
||||
Documentation
|
||||
=============
|
||||
|
||||
Documentation can be found on the wiki.
|
||||
Documentation can be found on the wiki, linked below.
|
||||
|
||||
--- Links ---
|
||||
Links
|
||||
=====
|
||||
|
||||
Mailing List - apparmor@lists.ubuntu.com
|
||||
|
||||
Wiki - http://apparmor.wiki.kernel.org/
|
||||
|
||||
User space tools - https://launchpad.net/apparmor
|
||||
|
||||
Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
|
@ -33,4 +33,5 @@ the one "major" module (e.g. SELinux) if there is one configured.
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
apparmor
|
||||
SELinux
|
||||
|
@ -4,8 +4,6 @@ Smack.txt
|
||||
- documentation on the Smack Linux Security Module.
|
||||
Yama.txt
|
||||
- documentation on the Yama Linux Security Module.
|
||||
apparmor.txt
|
||||
- documentation on the AppArmor security extension.
|
||||
keys-ecryptfs.txt
|
||||
- description of the encryption keys for the ecryptfs filesystem.
|
||||
keys-request-key.txt
|
||||
|
@ -11560,6 +11560,7 @@ W: apparmor.wiki.kernel.org
|
||||
T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
|
||||
S: Supported
|
||||
F: security/apparmor/
|
||||
F: Documentation/admin-guide/LSM/apparmor.rst
|
||||
|
||||
LOADPIN SECURITY MODULE
|
||||
M: Kees Cook <keescook@chromium.org>
|
||||
|
@ -226,7 +226,7 @@ void aa_dfa_free_kref(struct kref *kref)
|
||||
* @flags: flags controlling what type of accept tables are acceptable
|
||||
*
|
||||
* Unpack a dfa that has been serialized. To find information on the dfa
|
||||
* format look in Documentation/security/apparmor.txt
|
||||
* format look in Documentation/admin-guide/LSM/apparmor.rst
|
||||
* Assumes the dfa @blob stream has been aligned on a 8 byte boundary
|
||||
*
|
||||
* Returns: an unpacked dfa ready for matching or ERR_PTR on failure
|
||||
|
@ -13,7 +13,7 @@
|
||||
* License.
|
||||
*
|
||||
* AppArmor uses a serialized binary format for loading policy. To find
|
||||
* policy format documentation look in Documentation/security/apparmor.txt
|
||||
* policy format documentation see Documentation/admin-guide/LSM/apparmor.rst
|
||||
* All policy is validated before it is used.
|
||||
*/
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user