AppArmor
| Original author(s) | Immunix |
|---|---|
| Developer(s) | Canonical |
| Initial release | 1998 |
| Stable release |
2.9.1 / December 15, 2014
|
| Repository | git |
| Written in | C, Perl, C++, sh |
| Operating system | Linux |
| Type | Security |
| License | GNU General Public License |
| Website | apparmor |
AppArmor ("Application") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It was included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.
In addition to manually creating profiles, AppArmor includes a learning mode, in which profile violations are logged, but not prevented. This log can then be used to generate an Apparmor profile, based on the program's typical behavior.
AppArmor is implemented using the Linux Security Modules (LSM) kernel interface.
AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain. Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux. They also claim that AppArmor requires fewer modifications to work with existing systems: for example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-agnostic.
AppArmor represents one of several possible approaches to the problem of restricting the actions that installed software may take.
The SELinux system generally takes an approach similar to AppArmor. One important difference is that SELinux identifies file system objects by inode number instead of path. This means, for example, while a file that is inaccessible may become accessible under AppArmor when a hard link to it is created, SELinux would still deny access through the newly created hard link, since the underlying data that is referenced by the inode would be the same.
...
Wikipedia