[apparmor] apparmor support in centos/rhel 7
john.johansen at canonical.com
Wed Jul 9 05:20:44 UTC 2014
On 07/08/2014 11:23 PM, Jeroen Ooms wrote:
> On Sat, Mar 15, 2014 at 12:08 AM, John Johansen
> <john.johansen at canonical.com> wrote:
>> It does appear that the centos rh7beta kernel does have apparmor available.
>> With selinux set as the default MAC.
> A new post  by the centos team suggests that AppArmor will be
> available on EL 7 in the "plus kernel". Not sure what that entails, or
> which version of AppArmor they include. Anyone giving this a try?
I have not tried it yet but I looked at it quick a while ago. It is the pure
upstream version and they have set apparmor to be builtin but not enabled by
default. I do mean to look at it more I just haven't had time yet.
You need to set security=apparmor on your grub kernel line.
It would be really good if we could update our userspace rpm packaging bits
so that it would be easier/better to setup package for RH systems. I don't
think this has been looked at for years. The suse RPMs would be a good starting
point but I expect there will be some tweaking of them for RH.
More information about the AppArmor