Difference between revisions of "Main Page"

From AppArmor
Jump to: navigation, search
(Userspace)
(Userspace)
 
(38 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= AppArmor =
+
= [[AppArmor:About|AppArmor]] =
  
Welcome to the AppArmor security project wiki, the wiki for users and developers of the AppArmor security project. This wiki replaces the [http://developer.novell.com/wiki/index.php/Apparmor old novell forge wiki].
+
Welcome to the AppArmor security project wiki, the wiki for users and developers of the AppArmor security project.
  
 
== Description ==
 
== Description ==
 
AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.
 
AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.
 +
 +
 +
More details about AppArmor can be found in the [[Documentation|documentation]]
  
 
= Getting AppArmor =
 
= Getting AppArmor =
Line 10: Line 13:
 
Distributions that include AppArmor:
 
Distributions that include AppArmor:
 
* [http://annvix.org Annvix]
 
* [http://annvix.org Annvix]
 +
* [https://www.archlinux.org/ Arch Linux]
 +
* [http://http://www.debian.org/ Debian]
 +
* [http://www.gentoo.org/ Gentoo]
 
* [http://http://www.mandriva.com/ Mandriva]
 
* [http://http://www.mandriva.com/ Mandriva]
* [http://www.opensuse.org openSUSE]
+
* [http://www.opensuse.org openSUSE] (integrated in default install)
 
* [http://www.pardus.org.tr Pardus Linux]
 
* [http://www.pardus.org.tr Pardus Linux]
 
* [http://www.pld-linux.org PLD]
 
* [http://www.pld-linux.org PLD]
* [http://www.ubuntu.com Ubuntu]
+
* [http://www.ubuntu.com Ubuntu] (integrated in default install)
  
[http://download.opensuse.org/repositories/security:/apparmor:/factory/ Updated RPMS] can be found at the [http://en.opensuse.org/Build_Service openSUSE Build Service]. These are not limited to SUSE distributions.
+
Any derivatives of these distributions should also have AppArmor available. [http://download.opensuse.org/repositories/security:/apparmor/ Updated RPMS] can be found at the [http://en.opensuse.org/Build_Service openSUSE Build Service]. These are not limited to SUSE distributions.
  
 
== Source code==
 
== Source code==
The AppArmor project source is split between the kernel module and the user space tools.
+
The AppArmor project source is split between the kernel module, available in the Linux kernel and git development tree and the user space tools available in launchpad.
  
 
==== Kernel ====
 
==== Kernel ====
Line 25: Line 31:
 
* [[gittutorial|How to get the AppArmor kernel source]]<br>Note: the master branch is not stable and will be rebased from time to time.  Release branches will be stable and will not be rebased.
 
* [[gittutorial|How to get the AppArmor kernel source]]<br>Note: the master branch is not stable and will be rebased from time to time.  Release branches will be stable and will not be rebased.
  
The AppArmor v2.4 compatibility patches are broken out here:
+
The AppArmor v2.4 compatibility patches are available in the stable kernel branches. eg v3.4-aa2.8 or in the release tarballs in the kernel-patches directory.
* http://www.kernel.org/pub/linux/security/apparmor/
+
  
 
==== Userspace ====
 
==== Userspace ====
  
Development release: AppArmor 2.8
+
Development release: AppArmor 4.0
* in early development
+
* in development
 +
* targeting
 +
** support of gsettings
 +
** query caching
 +
** extensible rule support so older parsers don't break on new rule types
  
Current stable release: AppArmor 2.7.2
+
Current stable release: 2.11.1
* http://launchpad.net/apparmor/2.7/2.7.2/+download/apparmor-2.7.2.tar.gz  
+
* https://launchpad.net/apparmor/2.11/2.11.1/+download/apparmor-2.11.1.tar.gz
* md5sum 2863e85bdfdf9ee35b83db6721fed1f1
+
* sha256sum: e8e2b22c18e6b6741c1f96942398923b97316b53d86408629f922d5689ec3507
* signature http://launchpad.net/apparmor/2.7/2.7.2/+download/apparmor-2.7.2.tar.gz.asc  
+
* signature: https://launchpad.net/apparmor/2.11/2.11.1/+download/apparmor-2.11.1.tar.gz.asc
* release notes [[ReleaseNotes_2_7_2]]
+
* [[ReleaseNotes_2_11_1 | 2.11.1 release notes]]
  
Prior supported release: AppArmor 2.6.2
+
Prior supported release: 2.10.3
* http://launchpad.net/apparmor/2.6/2.6.2/+download/apparmor-2.6.2.tar.gz
+
* https://launchpad.net/apparmor/2.10/2.10.3/+download/apparmor-2.10.3.tar.gz
* md5sum
+
* sha256sum: 794a377a93b661c92877f99f386896a2c46730bdf4446ba859343a181a56ba6a
* release notes [[ReleaseNotes_2_6_2]]
+
* signature: https://launchpad.net/apparmor/2.10/2.10.3/+download/apparmor-2.10.3.tar.gz.asc
 +
* [[ReleaseNotes_2_10_3 | 2.10.3 release notes]]
 +
 
 +
Prior release: 2.9.5
 +
* https://launchpad.net/apparmor/2.9/2.9.5/+download/apparmor-2.9.5.tar.gz
 +
* sha256sum: 007e660323790aaa5fa098f39dbc09c43a074ff17c32cf0dbbb4e492010af485
 +
* signature: https://launchpad.net/apparmor/2.9/2.9.5/+download/apparmor-2.9.5.tar.gz.asc
 +
* [[ReleaseNotes_2_9_5 | 2.9.5 release notes]]
  
 
==== Development ====
 
==== Development ====
 +
 +
tentative release schedule for version 3.0
 +
* Alpha 1: week of Oct 24.
 +
* Alpha 2: late November
 +
* Alpha 3/beta 1: late December
 +
* beta1/beta2: in mid January
 +
* beta2/3 start of Feb
 +
* release: late Feb with possible slip to late march.
 +
 
* [https://launchpad.net/apparmor User space tools]<br>[[launchpadtutorial|How to get the AppArmor user space tools]]
 
* [https://launchpad.net/apparmor User space tools]<br>[[launchpadtutorial|How to get the AppArmor user space tools]]
  
Line 53: Line 78:
 
= Documentation =
 
= Documentation =
 
AppArmor documentation for the project, including manuals, tutorials, technical documentation and more:
 
AppArmor documentation for the project, including manuals, tutorials, technical documentation and more:
* [[Documentation| Official documentation]]
+
* [[Documentation| Documentation about the AppArmor security project]]
  
Distribution documentation and notes:
+
Documentation and notes about using AppArmor in a given distribution:
 
* [[Distro_CentOS| AppArmor on CentOS]]
 
* [[Distro_CentOS| AppArmor on CentOS]]
 
* [[distro_debian| AppArmor on Debian]]
 
* [[distro_debian| AppArmor on Debian]]
 +
* [[distro_suse| AppArmor on Suse]]
 
* [[distro_ubuntu| AppArmor on Ubuntu]]
 
* [[distro_ubuntu| AppArmor on Ubuntu]]
  
Line 66: Line 92:
 
* [https://lists.ubuntu.com/mailman/listinfo/apparmor Mailing list]<br>Discuss AppArmor development and use.
 
* [https://lists.ubuntu.com/mailman/listinfo/apparmor Mailing list]<br>Discuss AppArmor development and use.
 
* The IRC channel is #apparmor on irc.oftc.net
 
* The IRC channel is #apparmor on irc.oftc.net
* Bug Tracking - project apparmor on launchpad.net
+
* Bug Tracking - project [https://launchpad.net/apparmor apparmor] on launchpad.net
  
 
Contributions to AppArmor are welcome.  Anyone can pull the code from the git repository or from launchpad, and begin hacking on the code.  Patches can be contributed by posting them to the mailing list for review. Please see the [[CommitPolicy|CommitPolicy]] and [[Versioning|Versioning]] before sending patches.  
 
Contributions to AppArmor are welcome.  Anyone can pull the code from the git repository or from launchpad, and begin hacking on the code.  Patches can be contributed by posting them to the mailing list for review. Please see the [[CommitPolicy|CommitPolicy]] and [[Versioning|Versioning]] before sending patches.  
Line 75: Line 101:
  
 
Meetings are held regularly on the IRC channel and are open to the everyone. Please see [[MeetingAgenda|MeetingAgenda]] for times.
 
Meetings are held regularly on the IRC channel and are open to the everyone. Please see [[MeetingAgenda|MeetingAgenda]] for times.
 +
 +
= What happened to the profile repository? =
 +
[[profile_repo| AppArmor profile repository]]

Latest revision as of 09:25, 19 October 2017

AppArmor

Welcome to the AppArmor security project wiki, the wiki for users and developers of the AppArmor security project.

Description

AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.


More details about AppArmor can be found in the documentation

Getting AppArmor

Distributions and Ports

Distributions that include AppArmor:

Any derivatives of these distributions should also have AppArmor available. Updated RPMS can be found at the openSUSE Build Service. These are not limited to SUSE distributions.

Source code

The AppArmor project source is split between the kernel module, available in the Linux kernel and git development tree and the user space tools available in launchpad.

Kernel

AppArmor is in the upstream kernel as of 2.6.36. Earlier releases are available in the kernel module git tree:

The AppArmor v2.4 compatibility patches are available in the stable kernel branches. eg v3.4-aa2.8 or in the release tarballs in the kernel-patches directory.

Userspace

Development release: AppArmor 4.0

  • in development
  • targeting
    • support of gsettings
    • query caching
    • extensible rule support so older parsers don't break on new rule types

Current stable release: 2.11.1

Prior supported release: 2.10.3

Prior release: 2.9.5

Development

tentative release schedule for version 3.0

  • Alpha 1: week of Oct 24.
  • Alpha 2: late November
  • Alpha 3/beta 1: late December
  • beta1/beta2: in mid January
  • beta2/3 start of Feb
  • release: late Feb with possible slip to late march.

Profiles

See the Profiles page for information about AppArmor profiles.

Documentation

AppArmor documentation for the project, including manuals, tutorials, technical documentation and more:

Documentation and notes about using AppArmor in a given distribution:

Reporting Bugs

Joining AppArmor

  • Mailing list
    Discuss AppArmor development and use.
  • The IRC channel is #apparmor on irc.oftc.net
  • Bug Tracking - project apparmor on launchpad.net

Contributions to AppArmor are welcome. Anyone can pull the code from the git repository or from launchpad, and begin hacking on the code. Patches can be contributed by posting them to the mailing list for review. Please see the CommitPolicy and Versioning before sending patches.

If you are a launchpad member, or wish to join launchpad, launchpad allows creating custom branches of AppArmor and you can submit merge requests from your own custom branch (see Using Launchpad with AppArmor)

Commit privileges to the git tree and launchpad master repository are restricted, but can be earned by any developer who is involved in the project.

Meetings are held regularly on the IRC channel and are open to the everyone. Please see MeetingAgenda for times.

What happened to the profile repository?

AppArmor profile repository