Commit e8af4b5b authored by Elvstam Cantner Andreas

Update introduction in apparmor.md


Rewrite introduction to reflect the newly updated guide on AppArmor and
profile development. Briefly mention that DAC and capabilities are not
considered in the guide but considered prerequisites.

Signed-off-by: Andreas Elvstam Cantner <andreas.elvstam@se.bosch.com>

Apply 2 suggestion(s) to 1 file(s)
parent d25f9845
1 merge request: !208 Add new version of AppArmor guide
......@@ -14,13 +14,20 @@ aliases = [
date = "2016-12-12"
+++
AppArmor is a security layer which enforces access control on the filesystem
resources applications can access, and the permissions they can access them
with. It comprises a kernel module and user space profiles for each
application, which define the resources an application expects to access. For
more information, see the
[AppArmor home page](http://wiki.apparmor.net/index.php/Main_Page). Apertis
uses AppArmor for all applications and services.
[AppArmor](https://apparmor.net/) is a [Linux Security Module (LSM)](https://en.wikipedia.org/wiki/Linux_Security_Modules)
implementation, which enforces [Mandatory Access Control (MAC)](https://en.wikipedia.org/wiki/Mandatory_access_control)
on a system. AppArmor comprises of both a kernel module and user space profiles for each application.
Apertis uses AppArmor to enforce security polices for applications and services to allow access to resources based on their profiles.
Depending on the mode the application or service is running, AppArmor can generate audit logs or deny access to system resources in order to track or prevent undesired accesses.
This guide will introduce AppArmor and explain how such profiles can be developed
in order to allow an application to run on a system where AppArmor is activated.
Since this guide is focusing on AppArmor and its implementation,
this guide will not cover details of prerequisites such as the
[Discretionary Access Control (DAC)](https://en.wikipedia.org/wiki/Discretionary_access_control)
or [capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) that must
first be considered, in order to grant the user and application permissions or
access to resources on the system.
# Summary
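Review bot: The added introduction has two typos that change how it reads: "AppArmor comprises of both a kernel module" should be "comprises both", and "security polices" should be "security policies". In the sentence starting "Depending on the mode the application or service is running", the mode is a property of the loaded profile rather than of the application, so consider rewording it along the lines of "Depending on the mode of the profile (complain or enforce), AppArmor either logs or denies the access", which also tells the reader which mode produces audit logs and which one blocks. The last sentence repeats "this guide" twice and could be shortened to say once that DAC and capabilities are prerequisites and out of scope. The three new sentences from "AppArmor comprises" to "undesired accesses." are left unwrapped while the rest of the paragraph is wrapped; wrap them to match.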