[apparmor] Need rewrite of http://wiki.apparmor.net/index.php/Main_Page#Description AND/OR http://wiki.apparmor.net/index.php/AppArmor:About
John Johansen
john.johansen at canonical.com
Wed Jun 1 21:45:03 UTC 2016
On 05/21/2016 12:02 PM, Richard Owlett wrote:
> AC systems on Linux: it is path-based, it allows mixing of
> enforcement and complain mode profiles, it uses include files to ease
> development, and it has a far lower barrier to entry than other popular
> MAC systems. AppArmor is an established technology first seen in Immunix
> and later integrated into Ubuntu, Novell/SUSE, and Mandriva. Core
> AppArmor functionality is in the mainline Linux kernel from 2.6.36
> onwards; work is ongoing by AppArmor, Ubuntu and other developers to
> merge additional AppArmor functionality into the mainline kernel.
>
> Properties of AppArmor include:
>
> * profiles are simple text files
> * comments are supported in the profile
> * absolute paths as well as file globbing can be used when specifying
> file access
> * various access controls for files are present.
> * access controls for networking are present
> * specificity in rule matching, i.e. the most specific rule matches
> * include files are supported to ease development and simplify profiles
> * variables can be defined and manipulated outside the profile
> * AppArmor profiles are easy to read and audit
Thanks for the input. I have attempted to combine your text with some that
I wrote. I am sure it needs more editing, but it is now available at
http://wiki.apparmor.net/index.php/AppArmor:About
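
The properties listed in the quoted text, shown together in one profile. This is an added example, not part of the original thread or a profile shipped by the AppArmor project; the binary `/usr/bin/example-daemon`, the profile name and the `@{EXAMPLE_DATA}` variable are hypothetical.

```apparmor
# Constructed example profile. /usr/bin/example-daemon and @{EXAMPLE_DATA}
# are hypothetical names chosen for illustration.

# Variables are defined outside the profile body. tunables/global
# supplies common ones such as @{HOME} and @{PROC}.
#include <tunables/global>

# A variable may hold several values; rules using it expand to each one.
@{EXAMPLE_DATA}=/srv/example /var/lib/example

# flags=(complain) logs policy violations instead of blocking them.
# Drop the flag to enforce. Other profiles loaded on the same system
# can stay in enforce mode while this one is being developed.
profile example-daemon /usr/bin/example-daemon flags=(complain) {
  # Include files pull in shared, audited rule sets.
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # Absolute paths, each with its own file permissions
  # (r = read, w = write, m = mmap executable, k = lock).
  /usr/bin/example-daemon mr,
  /etc/example/daemon.conf r,

  # Globbing: * matches within one directory level, ** crosses levels.
  /etc/example/conf.d/*.conf r,
  @{EXAMPLE_DATA}/** rw,

  # "owner" limits the rule to files owned by the process's user.
  owner @{HOME}/.cache/example/** rwk,

  # An explicit deny takes precedence over the broader allow above.
  deny @{EXAMPLE_DATA}/secrets/** rw,

  # Network access control by address family and socket type.
  network inet stream,
  network inet6 stream,
}
```

Once the complain-mode log shows no unexpected denials for normal operation, remove `flags=(complain)` and reload the profile to enforce it.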