mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-09-03 15:55:46 +00:00
Update home
John Johansen
320
home.md
320
home.md
@@ -1,160 +1,160 @@
|
|||||||
[AppArmor](About)
|
[AppArmor](About)
|
||||||
=====================================
|
=====================================
|
||||||
|
|
||||||
Welcome to the AppArmor security project wiki, the wiki for users
|
Welcome to the AppArmor security project wiki, the wiki for users
|
||||||
and developers of the AppArmor security project.
|
and developers of the AppArmor security project.
|
||||||
|
|
||||||
Description
|
Description
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
AppArmor is an effective and easy-to-use Linux application security
|
AppArmor is an effective and easy-to-use Linux application security
|
||||||
system. AppArmor proactively protects the operating system and
|
system. AppArmor proactively protects the operating system and
|
||||||
applications from external or internal threats, even zero-day attacks,
|
applications from external or internal threats, even zero-day attacks,
|
||||||
by enforcing good behavior and preventing even unknown application
|
by enforcing good behavior and preventing even unknown application
|
||||||
flaws from being exploited. AppArmor security policies completely
|
flaws from being exploited. AppArmor security policies completely
|
||||||
define what system resources individual applications can access,
|
define what system resources individual applications can access,
|
||||||
and with what privileges. A number of default policies are included
|
and with what privileges. A number of default policies are included
|
||||||
with AppArmor, and using a combination of advanced static analysis
|
with AppArmor, and using a combination of advanced static analysis
|
||||||
and learning-based tools, AppArmor policies for even very complex
|
and learning-based tools, AppArmor policies for even very complex
|
||||||
applications can be deployed successfully in a matter of hours.
|
applications can be deployed successfully in a matter of hours.
|
||||||
|
|
||||||
More details about AppArmor can be found in the [documentation](Documentation)
|
More details about AppArmor can be found in the [documentation](Documentation)
|
||||||
|
|
||||||
Getting AppArmor
|
Getting AppArmor
|
||||||
================
|
================
|
||||||
|
|
||||||
Distributions and Ports
|
Distributions and Ports
|
||||||
-----------------------
|
-----------------------
|
||||||
|
|
||||||
Distributions that include AppArmor:
|
Distributions that include AppArmor:
|
||||||
|
|
||||||
- [Annvix](https://annvix.org)
|
- [Annvix](https://annvix.org)
|
||||||
- [Arch Linux](https://www.archlinux.org/), documentation and Arch specific [notes](https://wiki.archlinux.org/index.php/AppArmor)
|
- [Arch Linux](https://www.archlinux.org/), documentation and Arch specific [notes](https://wiki.archlinux.org/index.php/AppArmor)
|
||||||
- [CentOs](https://www.centos.org/), documentation and CentOS specific [notes](Distro_CentOS)
|
- [CentOs](https://www.centos.org/), documentation and CentOS specific [notes](Distro_CentOS)
|
||||||
- [Debian](https://www.debian.org/), documentation and Debian specific [notes](distro_debian)
|
- [Debian](https://www.debian.org/), documentation and Debian specific [notes](distro_debian)
|
||||||
- [Gentoo](https://www.gentoo.org/)
|
- [Gentoo](https://www.gentoo.org/)
|
||||||
- [openSUSE](https://www.opensuse.org) (integrated in default install), documentation and Suse specific [notes](distro_suse)
|
- [openSUSE](https://www.opensuse.org) (integrated in default install), documentation and Suse specific [notes](distro_suse)
|
||||||
- [Pardus Linux](https://www.pardus.org.tr)
|
- [Pardus Linux](https://www.pardus.org.tr)
|
||||||
- [PLD](https://www.pld-linux.org)
|
- [PLD](https://www.pld-linux.org)
|
||||||
- [Ubuntu](https://www.ubuntu.com) (integrated in default install), documentation and Ubuntu specific [notes](distro_ubuntu)
|
- [Ubuntu](https://www.ubuntu.com) (integrated in default install), documentation and Ubuntu specific [notes](distro_ubuntu)
|
||||||
|
|
||||||
|
|
||||||
Any derivatives of these distributions should also have AppArmor available. [Updated RPMS](http://download.opensuse.org/repositories/security:/apparmor/) can be found at the [openSUSE Build Service](http://en.opensuse.org/Build_Service). These are not limited to SUSE distributions.
|
Any derivatives of these distributions should also have AppArmor available. [Updated RPMS](http://download.opensuse.org/repositories/security:/apparmor/) can be found at the [openSUSE Build Service](http://en.opensuse.org/Build_Service). These are not limited to SUSE distributions.
|
||||||
|
|
||||||
Source code
|
Source code
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
The AppArmor project source is split between the kernel module, available in the Linux kernel and git development tree and the user space tools available in launchpad.
|
The AppArmor project source is split between the kernel module, available in the Linux kernel and git development tree and the user space tools available in launchpad.
|
||||||
|
|
||||||
#### Kernel
|
#### Kernel
|
||||||
|
|
||||||
AppArmor is in the upstream kernel as of 2.6.36. Earlier releases are available in the kernel module git tree:
|
AppArmor is in the upstream kernel as of 2.6.36. Earlier releases are available in the kernel module git tree:
|
||||||
|
|
||||||
- [How to get the AppArmor kernel source](gittutorial)
|
- [How to get the AppArmor kernel source](gittutorial)
|
||||||
|
|
||||||
Note: the master branch is not stable and will be rebased from time to time. Release branches will be stable and will not be rebased.
|
Note: the master branch is not stable and will be rebased from time to time. Release branches will be stable and will not be rebased.
|
||||||
|
|
||||||
The AppArmor v2.4 compatibility patches are available in the stable kernel branches. eg v3.4-aa2.8 or in the release tarballs in the kernel-patches directory.
|
The AppArmor v2.4 compatibility patches are available in the stable kernel branches. eg v3.4-aa2.8 or in the release tarballs in the kernel-patches directory.
|
||||||
|
|
||||||
#### Userspace
|
#### Userspace
|
||||||
- Current development release [4.0.0~alpha4](Release_Notes_4.0-alpha4)
|
- Current development release [4.0.2](Release_Notes_4.0.2)
|
||||||
- Current stable release [3.1.7](Release_Notes_3.1.7)
|
- Current stable release [3.1.7](Release_Notes_3.1.7)
|
||||||
- supported release: [3.0.13](Release_Notes_3.0.13)
|
- supported release: [3.0.13](Release_Notes_3.0.13)
|
||||||
- supported release: [ 2.13.11 ](Release_Notes_2.13.11)
|
- supported release: [ 2.13.11 ](Release_Notes_2.13.11)
|
||||||
|
|
||||||
|
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
- [User space tools](https://launchpad.net/apparmor)
|
- [User space tools](https://launchpad.net/apparmor)
|
||||||
|
|
||||||
[How to get the AppArmor user space tools](launchpadtutorial)
|
[How to get the AppArmor user space tools](launchpadtutorial)
|
||||||
|
|
||||||
Profiles
|
Profiles
|
||||||
--------
|
--------
|
||||||
|
|
||||||
See the [Profiles page](Profiles) for information about AppArmor profiles.
|
See the [Profiles page](Profiles) for information about AppArmor profiles.
|
||||||
|
|
||||||
Documentation
|
Documentation
|
||||||
=============
|
=============
|
||||||
|
|
||||||
AppArmor documentation for the project, including manuals, tutorials, technical documentation and more:
|
AppArmor documentation for the project, including manuals, tutorials, technical documentation and more:
|
||||||
|
|
||||||
- [Documentation about the AppArmor security project](Documentation)
|
- [Documentation about the AppArmor security project](Documentation)
|
||||||
|
|
||||||
Reporting Bugs
|
Reporting Bugs
|
||||||
==============
|
==============
|
||||||
|
|
||||||
- Bug tracking is hosted in GitLab at <https://gitlab.com/apparmor/apparmor/-/issues>
|
- Bug tracking is hosted in GitLab at <https://gitlab.com/apparmor/apparmor/-/issues>
|
||||||
- Historical Bug Tracking is hosted in Launchpad at <https://bugs.launchpad.net/apparmor>. We still accept bugreports there, but GitLab is preferred.
|
- Historical Bug Tracking is hosted in Launchpad at <https://bugs.launchpad.net/apparmor>. We still accept bugreports there, but GitLab is preferred.
|
||||||
|
|
||||||
Reporting Security Vulnerabilities
|
Reporting Security Vulnerabilities
|
||||||
==================================
|
==================================
|
||||||
|
|
||||||
There are 3 ways that security bugs can be reported: as a bug on GitLab (preferred), on Launchpad or by mail.
|
There are 3 ways that security bugs can be reported: as a bug on GitLab (preferred), on Launchpad or by mail.
|
||||||
|
|
||||||
### On GitLab (preferred)
|
### On GitLab (preferred)
|
||||||
|
|
||||||
Open a new issue on GitLab at <https://gitlab.com/apparmor/apparmor/-/issues>.
|
Open a new issue on GitLab at <https://gitlab.com/apparmor/apparmor/-/issues>.
|
||||||
|
|
||||||
When creating the issue, enable the checkbox
|
When creating the issue, enable the checkbox
|
||||||
|
|
||||||
````This issue is confidential and should only be visible to team members with at least Reporter access.```
|
````This issue is confidential and should only be visible to team members with at least Reporter access.```
|
||||||
|
|
||||||
### On Launchpad
|
### On Launchpad
|
||||||
|
|
||||||
On launchpad, create a new bug at <https://bugs.launchpad.net/apparmor>.
|
On launchpad, create a new bug at <https://bugs.launchpad.net/apparmor>.
|
||||||
|
|
||||||
When creating the bug change the
|
When creating the bug change the
|
||||||
```
|
```
|
||||||
This bug contains information that is:
|
This bug contains information that is:
|
||||||
Public
|
Public
|
||||||
```
|
```
|
||||||
|
|
||||||
to
|
to
|
||||||
````Private Security````
|
````Private Security````
|
||||||
|
|
||||||
this will allow **only** you and the apparmor security team to see the bug, until it status is changed to Public Security by either you or the apparmor security team.
|
this will allow **only** you and the apparmor security team to see the bug, until it status is changed to Public Security by either you or the apparmor security team.
|
||||||
|
|
||||||
### email (no account needed)
|
### email (no account needed)
|
||||||
|
|
||||||
If the security issue contains information that is public or can be public. Send an email to
|
If the security issue contains information that is public or can be public. Send an email to
|
||||||
|
|
||||||
```apparmor@lists.ubuntu.com```
|
```apparmor@lists.ubuntu.com```
|
||||||
|
|
||||||
Emails to the list from addresses without an account will go into moderation, so there will be a delay before they hit the list but any email that isn't spam will be moderated through. There is no need to signup to be on the mailing list.
|
Emails to the list from addresses without an account will go into moderation, so there will be a delay before they hit the list but any email that isn't spam will be moderated through. There is no need to signup to be on the mailing list.
|
||||||
|
|
||||||
If the issue should may need an embargo you can send an email to
|
If the issue should may need an embargo you can send an email to
|
||||||
|
|
||||||
```security@apparmor.net```
|
```security@apparmor.net```
|
||||||
|
|
||||||
|
|
||||||
Joining AppArmor
|
Joining AppArmor
|
||||||
================
|
================
|
||||||
|
|
||||||
- [Mailing list](https://lists.ubuntu.com/mailman/listinfo/apparmor)
|
- [Mailing list](https://lists.ubuntu.com/mailman/listinfo/apparmor)
|
||||||
for discussing AppArmor development and use.
|
for discussing AppArmor development and use.
|
||||||
- The IRC channel is \#apparmor on irc.oftc.net
|
- The IRC channel is \#apparmor on irc.oftc.net
|
||||||
- Bug Tracking - project [apparmor](https://launchpad.net/apparmor) on launchpad.net
|
- Bug Tracking - project [apparmor](https://launchpad.net/apparmor) on launchpad.net
|
||||||
- Translations - project [apparmor](https://translations.launchpad.net/apparmor) on launchpad.net
|
- Translations - project [apparmor](https://translations.launchpad.net/apparmor) on launchpad.net
|
||||||
- Code - project [apparmor](https://gitlab.com/apparmor) on GitLab
|
- Code - project [apparmor](https://gitlab.com/apparmor) on GitLab
|
||||||
|
|
||||||
Meetings are held regularly on the IRC channel and are open to the
|
Meetings are held regularly on the IRC channel and are open to the
|
||||||
everyone. Please see [MeetingAgenda](MeetingAgenda) for times.
|
everyone. Please see [MeetingAgenda](MeetingAgenda) for times.
|
||||||
|
|
||||||
How to Contribute
|
How to Contribute
|
||||||
=================
|
=================
|
||||||
Contributions to AppArmor are welcome. Anyone can pull the code
|
Contributions to AppArmor are welcome. Anyone can pull the code
|
||||||
from the git repository or from launchpad, and begin hacking on the
|
from the git repository or from launchpad, and begin hacking on the
|
||||||
code. Patches can be contributed by posting them to the mailing
|
code. Patches can be contributed by posting them to the mailing
|
||||||
list for review or submitting a merge request on GitLab. Please see the [CommitPolicy](CommitPolicy),
|
list for review or submitting a merge request on GitLab. Please see the [CommitPolicy](CommitPolicy),
|
||||||
[Versioning](Versioning), and [Coding Style](Coding Style) before sending patches.
|
[Versioning](Versioning), and [Coding Style](Coding Style) before sending patches.
|
||||||
|
|
||||||
Commit privileges to the git tree and GitLab master repository
|
Commit privileges to the git tree and GitLab master repository
|
||||||
are restricted, but can be earned by any developer who is involved
|
are restricted, but can be earned by any developer who is involved
|
||||||
in the project.
|
in the project.
|
||||||
|
|
||||||
|
|
||||||
What happened to the profile repository?
|
What happened to the profile repository?
|
||||||
========================================
|
========================================
|
||||||
|
|
||||||
[AppArmor profile repository](profile_repo)
|
[AppArmor profile repository](profile_repo)
|
||||||
|
|||||||
Reference in New Issue
Block a user