summaryrefslogtreecommitdiffstats
path: root/Documentation/security/apparmor.txt
diff options
context:
space:
mode:
authorRandy Dunlap <randy.dunlap@oracle.com>2011-05-19 15:59:38 -0700
committerRandy Dunlap <randy.dunlap@oracle.com>2011-05-19 15:59:38 -0700
commitd410fa4ef99112386de5f218dd7df7b4fca910b4 (patch)
treee29fbc3f6d27b20d73d8feb4ed73f6767f2e18fe /Documentation/security/apparmor.txt
parent61c4f2c81c61f73549928dfd9f3e8f26aa36a8cf (diff)
downloadop-kernel-dev-d410fa4ef99112386de5f218dd7df7b4fca910b4.zip
op-kernel-dev-d410fa4ef99112386de5f218dd7df7b4fca910b4.tar.gz
Create Documentation/security/,
move LSM-, credentials-, and keys-related files from Documentation/ to Documentation/security/, add Documentation/security/00-INDEX, and update all occurrences of Documentation/<moved_file> to Documentation/security/<moved_file>.
Diffstat (limited to 'Documentation/security/apparmor.txt')
-rw-r--r--Documentation/security/apparmor.txt39
1 files changed, 39 insertions, 0 deletions
diff --git a/Documentation/security/apparmor.txt b/Documentation/security/apparmor.txt
new file mode 100644
index 0000000..93c1fd7
--- /dev/null
+++ b/Documentation/security/apparmor.txt
@@ -0,0 +1,39 @@
+--- What is AppArmor? ---
+
+AppArmor is MAC style security extension for the Linux kernel. It implements
+a task centered policy, with task "profiles" being created and loaded
+from user space. Tasks on the system that do not have a profile defined for
+them run in an unconfined state which is equivalent to standard Linux DAC
+permissions.
+
+--- How to enable/disable ---
+
+set CONFIG_SECURITY_APPARMOR=y
+
+If AppArmor should be selected as the default security module then
+ set CONFIG_DEFAULT_SECURITY="apparmor"
+ and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+
+Build the kernel
+
+If AppArmor is not the default security module it can be enabled by passing
+security=apparmor on the kernel's command line.
+
+If AppArmor is the default security module it can be disabled by passing
+apparmor=0, security=XXXX (where XXX is valid security module), on the
+kernel's command line
+
+For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
+policy must be loaded into the kernel from user space (see the Documentation
+and tools links).
+
+--- Documentation ---
+
+Documentation can be found on the wiki.
+
+--- Links ---
+
+Mailing List - apparmor@lists.ubuntu.com
+Wiki - http://apparmor.wiki.kernel.org/
+User space tools - https://launchpad.net/apparmor
+Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
OpenPOWER on IntegriCloud