Blame view

kernel/linux-imx6_3.14.28/Documentation/security/apparmor.txt 1.31 KB
6b13f685e   김민수   BSP 최초 추가
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
  --- What is AppArmor? ---
  
  AppArmor is MAC style security extension for the Linux kernel.  It implements
  a task centered policy, with task "profiles" being created and loaded
  from user space.  Tasks on the system that do not have a profile defined for
  them run in an unconfined state which is equivalent to standard Linux DAC
  permissions.
  
  --- How to enable/disable ---
  
  set CONFIG_SECURITY_APPARMOR=y
  
  If AppArmor should be selected as the default security module then
     set CONFIG_DEFAULT_SECURITY="apparmor"
     and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
  
  Build the kernel
  
  If AppArmor is not the default security module it can be enabled by passing
  security=apparmor on the kernel's command line.
  
  If AppArmor is the default security module it can be disabled by passing
  apparmor=0, security=XXXX (where XXX is valid security module), on the
  kernel's command line
  
  For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
  policy must be loaded into the kernel from user space (see the Documentation
  and tools links).
  
  --- Documentation ---
  
  Documentation can be found on the wiki.
  
  --- Links ---
  
  Mailing List - apparmor@lists.ubuntu.com
  Wiki - http://apparmor.wiki.kernel.org/
  User space tools - https://launchpad.net/apparmor
  Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git