[prev in list] [next in list] [prev in thread] [next in thread]
List: apparmor-dev
Subject: Re: [apparmor] Need rewrite of http://wiki.apparmor.net/index.php/Main_Page#Description AND/OR
From: John Johansen <john.johansen () canonical ! com>
Date: 2016-06-01 21:45:03
Message-ID: 574F575F.4080003 () canonical ! com
[Download RAW message or body]
On 05/21/2016 12:02 PM, Richard Owlett wrote:
> AC systems on Linux: it is path-based, it allows mixing of
> enforcement and complain mode profiles, it uses include files to ease
> development, and it has a far lower barrier to entry than other popular
> MAC systems. AppArmor is an established technology first seen in Immunix
> and later integrated into Ubuntu, Novell/SUSE, and Mandriva. Core
> AppArmor functionality is in the mainline Linux kernel from 2.6.36
> onwards; work is ongoing by AppArmor, Ubuntu and other developers to
> merge additional AppArmor functionality into the mainline kernel.
>
> Properties of AppArmor include:
>
> * profiles are simple text files
> * comments are supported in the profile
> * absolute paths as well as file globbing can be used when specifying
> file access
> * various access controls for files are present.
> * access controls for networking are present
> * specificity in rule matching, ie the most specific rule matches
> * include files are supported to ease development and simplify profiles
> * variables can be defined and manipulated outside the profile
> * AppArmor profiles are easy to read and audit
Thanks for the input, I have attempted to combine your text with some that
I wrote. I am sure it needs more editing but it is now available at
http://wiki.apparmor.net/index.php/AppArmor:About
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic