[ubuntu-hardened] AppArmor for Ubuntu

Crispin Cowan crispin at novell.com
Mon Apr 2 05:31:36 BST 2007


I am very pleased to announce that AppArmor is now a part of the Ubuntu
Universe collection for Feisty Fawn. AppArmor, for those who haven't
seen it before, is an application security system for Linux with an
emphasis on ease of use.

What makes AppArmor easy to use is a combination of the security model
and the policy writing tools. The security model is to specify the
objects being mediated in the native language for that object, so e.g.
you permit Apache to read all of the HTML documents on the web server
with a rule that says

/var/www/**.html   r,

The main policy writing tool is a monkey-see/monkey-do system where you
can run an application in learning mode, and AppArmor permits it to do
anything it wants, and then based on that experience, generates a
security profile that permits those actions and similar things.

To learn more about AppArmor, you can use these resources:

    * The AppArmor packages include a variety of man pages and short and
      longer technical documentation
      https://launchpad.net/ubuntu/feisty/+source/apparmor
    * View this video of my AppArmor presentation at FOSDEM 2006
      ftp://ftp.belnet.be/pub/mirror/FOSDEM/2006/FOSDEM2006-apparmor.avi
    * Attend the 1-hour AppArmor for Ubuntu session at the upcoming
      Ubuntu Live conference July 22-24 in Portland, Oregon, co-located
      with the O'Reilly Open Source conference http://www.ubuntulive.com/
    * Attend the all-day AppArmor Dojo at CanSecWest April 16-20 in
      Vancouver, Canada http://cansecwest.com/dojoapparmor.html

Big thanks to Kees Cook, Magnus Runesson, Jesse Michael, John Johansen,
Steve Beattie, and Seth Arnold for getting AppArmor suitably packaged
for the Ubuntu Universe collection.

Crispin

-- 
Crispin Cowan, Ph.D.               http://crispincowan.com/~crispin/
Director of Software Engineering   http://novell.com
AppArmor Training at CanSec West   http://cansecwest.com/dojoapparmor.html
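
Added example (not part of the original message and not AppArmor's own code): a simplified Python model of how the path rule quoted above, /var/www/**.html r, is evaluated, with a single-star variant constructed for contrast. The glob semantics follow apparmor.d(5) in reduced form (only *, ** and ? are handled), and the function names are hypothetical.

```python
import re

def glob_to_regex(glob):
    """Translate an AppArmor-style path glob into a compiled regex (simplified model)."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")        # ** crosses directory boundaries
            i += 2
            continue
        c = glob[i]
        if c == "*":
            out.append("[^/]*")     # * stays inside one path component
        elif c == "?":
            out.append("[^/]")      # ? is exactly one character, never '/'
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

def parse_rule(line):
    """Split '<glob>  <perms>,' into (compiled glob, set of permission letters)."""
    glob, perms = line.strip().rstrip(",").split()
    return glob_to_regex(glob), set(perms)

def allowed(rules, path, perm):
    """Default deny: grant only if some rule matches the whole path and carries perm."""
    return any(rx.fullmatch(path) and perm in perms for rx, perms in rules)

# The rule from the message, plus a constructed single-star variant for contrast.
DEEP = [parse_rule("/var/www/**.html   r,")]
FLAT = [parse_rule("/var/www/*.html   r,")]

# Constructed sample requests: (path, requested permission).
SAMPLES = [("/var/www/index.html", "r"),
           ("/var/www/docs/a/page.html", "r"),
           ("/var/www/index.html", "w"),
           ("/var/www/cgi-bin/run.pl", "r"),
           ("/etc/passwd", "r")]

if __name__ == "__main__":
    for path, perm in SAMPLES:
        print(f"{perm} {path:28} **: {allowed(DEEP, path, perm)!s:5}  "
              f"*: {allowed(FLAT, path, perm)}")
```
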




