AppArmor

AppArmor is a Mandatory Access Control (MAC) system. It is less complicated than the better known SELinux (www.nsa.gov/research/selinux/), a MAC created by the U.S. National Security Agency (NSA). AppArmor is designed to limit what specific programs can do by restricting them to the use of predetermined resources and only those resources. This is done via profiles, which are loaded into the kernel at boot. It can be run in complain mode, where information is logged about unsecure practices but no action is taken, or in enforce mode, where policies and limits are active.

This is a brief introduction to AppArmor. For a fuller introduction, check the links listed in the “References” section at the end of this chapter.

By default, AppArmor ...

Get Ubuntu Unleashed 2013 Edition: Covering 12.10 and 13.04, Eighth Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.