From Wikipedia, the free encyclopedia

AppArmor
Original author(s): Immunix
Developer(s): Originally by Immunix (1998-2005), then by SUSE as part of Novell (2005-2009), and currently by Canonical Ltd (since 2009).
Initial release: 1998; 26 years ago
Stable release: 3.1.7[1] / 2 February 2024; 3 months ago
Repository: gitlab.com/apparmor
Written in: C, Python, C++, sh[2]
Operating system: Linux
Type: Security, Linux Security Modules (LSM)
License: GNU General Public License
Website: apparmor.net

AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been partially included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.

Details

In addition to manually creating profiles, AppArmor includes a learning mode, in which profile violations are logged, but not prevented. This log can then be used for generating an AppArmor profile, based on the program's typical behavior.
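The following added example (not part of the original article and not AppArmor's own tooling) sketches how learning-mode log records can be turned into candidate file rules. The log lines are constructed samples in the audit key="value" style, and the profile name /usr/bin/example and all paths are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit records. apparmor="ALLOWED" marks an access that
# learning (complain) mode logged but did not prevent.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:201): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/etc/example.conf" comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.202:202): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/var/log/example.log" comm="example" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.303:203): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/var/log/example.log" comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.404:204): apparmor="DENIED" operation="open" profile="/usr/sbin/other" name="/etc/shadow" comm="other" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Logged mask letter -> profile permission; create (c) and delete (d) fall under write.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w", "k": "k", "l": "l", "m": "m"}
PERM_ORDER = "rwaklm"

def parse_record(line):
    """Return the key/value fields of an AppArmor audit record, or None for other lines."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD.finditer(line)}
    return fields if "apparmor" in fields else None

def learn(log_text):
    """Collect per-profile file permissions from learning-mode (ALLOWED) records only."""
    learned = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec["apparmor"] != "ALLOWED":
            continue  # enforce-mode denials are real violations, not training data
        if not {"profile", "name", "denied_mask"}.issubset(rec):
            continue
        perms = {MASK_TO_PERM[c] for c in rec["denied_mask"] if c in MASK_TO_PERM}
        learned[rec["profile"]][rec["name"]] |= perms
    return learned

def render_rules(paths):
    lines = []
    for path in sorted(paths):
        perms = "".join(p for p in PERM_ORDER if p in paths[path])
        if perms:
            lines.append(f"  {path} {perms},")
    return "\n".join(lines)

if __name__ == "__main__":
    for profile, paths in learn(SAMPLE_LOG).items():
        print(f"# candidate file rules for profile {profile}")
        print(render_rules(paths))
```

The output is a list of candidate rules to review before adding them to a profile, since learning mode records whatever the program did while it was being observed.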

AppArmor is implemented using the Linux Security Modules (LSM) kernel interface.

AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain.[3] Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux.[4] They also claim that AppArmor requires fewer modifications to work with existing systems.[citation needed] For example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-agnostic.

Other systems

AppArmor represents one of several possible approaches to the problem of restricting the actions that installed software may take.

The SELinux system generally takes an approach similar to AppArmor. One important difference: SELinux identifies file system objects by inode number instead of path. Under AppArmor an inaccessible file may become accessible if a hard link to it is created. This difference may be less important than it once was, as Ubuntu 10.10 and later mitigate this with a security module called Yama, which is also used in other distributions.[5] SELinux's inode-based model has always inherently denied access through newly created hard links because the hard link would be pointing to an inaccessible inode.
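The difference between the two models can be seen in a small added example (not part of the original article). It uses toy stand-ins for both policies, not real AppArmor or SELinux logic, on a constructed file in a temporary directory. The read of the fs.protected_hardlinks sysctl is an addition not mentioned in the article: it is the setting through which current Linux kernels expose hard link restrictions.

```python
import os
import tempfile

def hardlink_demo():
    """Evaluate a toy path-prefix policy and a toy inode-keyed policy on one file with two names."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected")
        public = os.path.join(root, "public")
        os.mkdir(protected)
        os.mkdir(public)
        original = os.path.join(protected, "data.txt")
        alias = os.path.join(public, "alias.txt")
        with open(original, "w") as fh:
            fh.write("constructed sample\n")
        os.link(original, alias)  # second directory entry for the same inode

        def ident(path):
            st = os.stat(path)
            return (st.st_dev, st.st_ino)

        deny_prefix = protected + os.sep   # path-based model: deny by location
        deny_inodes = {ident(original)}    # inode-based model: deny by object identity
        names = {"original": original, "alias": alias}
        return {
            "same_inode": ident(original) == ident(alias),
            "path_policy": {k: not p.startswith(deny_prefix) for k, p in names.items()},
            "inode_policy": {k: ident(p) not in deny_inodes for k, p in names.items()},
        }

def hardlink_protection():
    """Return the fs.protected_hardlinks sysctl value, or None where it is not exposed."""
    try:
        with open("/proc/sys/fs/protected_hardlinks") as fh:
            return fh.read().strip()
    except OSError:
        return None

if __name__ == "__main__":
    print(hardlink_demo())
    print("fs.protected_hardlinks =", hardlink_protection())
```

The path-keyed check treats the second name as a different object, while the inode-keyed check denies both names, which is why path-based confinement relies on restricting who may create hard links.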

SELinux and AppArmor also differ significantly in how they are administered and how they integrate into the system.

Isolation of processes can also be accomplished by mechanisms like virtualization; the One Laptop per Child (OLPC) project, for example, sandboxes individual applications in lightweight Vserver.

In 2007, the Simplified Mandatory Access Control Kernel was introduced.

In 2009, a new solution called Tomoyo was included in Linux 2.6.30; like AppArmor, it also uses path-based access control.

Availability

AppArmor was first used in Immunix Linux 1998–2003. At the time, AppArmor was known as SubDomain,[6][7] a reference to the ability for a security profile for a specific program to be segmented into different domains, which the program can switch between dynamically. AppArmor was first made available in SLES and openSUSE and was first enabled by default in SLES 10 and in openSUSE 10.1.

In May 2005, Novell acquired Immunix, rebranded SubDomain as AppArmor, and began cleaning up and rewriting the code for inclusion in the Linux kernel.[8] From 2005 to September 2007, AppArmor was maintained by Novell. Novell was taken over by SUSE, which is now the legal owner of the trademarked name AppArmor.[9]

AppArmor was first successfully ported/packaged for Ubuntu in April 2007. AppArmor became a default package starting in Ubuntu 7.10, and came as a part of the release of Ubuntu 8.04, protecting only CUPS by default. As of Ubuntu 9.04 more items such as MySQL have installed profiles. AppArmor hardening continued to improve in Ubuntu 9.10 as it ships with profiles for its guest session, libvirt virtual machines, the Evince document viewer, and an optional Firefox profile.[10]

AppArmor was integrated into the 2.6.36 kernel release of October 2010.[11][12][13][14]

AppArmor has been integrated into Synology's DSM since 5.1 Beta in 2014.[15]

AppArmor was enabled in Solus Release 3 on 2017/8/15.[16]

AppArmor is enabled by default in Debian 10 (Buster), released in July 2019.[17]

AppArmor is available in the extra repository of Arch Linux.[18]

References

  1. "Release_Notes_3.1.7 · Wiki · AppArmor / apparmor · GitLab". 2 February 2024. Retrieved 18 March 2024.
  2. The AppArmor: Application Armor Open Source Project on Open Hub: Languages Page
  3. Mayank Sharma (2006-12-11). "SELinux: Comprehensive security at the price of usability". Retrieved 2023-06-11.
  4. Ralf Spenneberg (August 2006). "Protective armor: Shutting out intruders with AppArmor". Linux Magazine. Archived from the original on 21 August 2008. Retrieved 2008-08-02.
  5. "Security/Features - Ubuntu Wiki". wiki.ubuntu.com. Retrieved 2020-07-19.
  6. Vincent Danen (2001-12-17). "Immunix System 7: Linux security with a hard hat (not a Red Hat)". Archived from the original on May 23, 2012.
  7. WireX Communications, Inc. (2000-11-15). "Immunix.org: The Source for Secure Linux Components and Platforms". Archived from the original on 2001-02-03.
  8. "AppArmor_History · Wiki · AppArmor / apparmor".
  9. U.S. Trademark 78,876,817
  10. "SecurityTeam/KnowledgeBase/AppArmorProfiles – Ubuntu Wiki". Retrieved 9 January 2011.
  11. James Corbet (2010-10-20). "The 2.6.36 kernel is out".
  12. Linus Torvalds (2010-10-20). "Change Log". Archived from the original on 2011-09-04.
  13. "Linux 2.6.36". 2010-10-20.
  14. Sean Michael Kerner (2010-10-20). "Linux Kernel 2.6.36 Gets AppArmor". Archived from the original on 2018-02-03. Retrieved 2010-10-21.
  15. "Release Notes for DSM 5.1 Beta Program".[permanent dead link]
  16. "Solus 3 Linux Distribution Released For Enthusiasts".
  17. "New in Buster".
  18. "Arch Linux - apparmor pkgver-pkgrel (x86_64)".

This page was last edited on 4 April 2024, at 09:29
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.