Profiles

From AppArmor
Revision as of 19:16, 29 June 2016 by Smb (Talk | contribs) (apparmor-profiles tree moved to git)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

AppArmor Profiles

Welcome to the AppArmor profiles wiki page!

This page contains resources necessary to begin modifying and developing your own AppArmor profiles.

Where to get AppArmor profiles

Production

Production-ready AppArmor profiles should be packaged by your distribution, either by adding a specific profile to the application package itself, or by shipping a package containing all the AppArmor profiles.

Development

Development of new AppArmor profiles is done in this repository.

The repository contains work-in-progress profiles that are intended to be shipped by distributions once they are deemed to be complete. Anyone is welcome to contribute to the profiles that are located there, keeping in mind that they are for general use and need to be compatible with the default installation of the distribution they will eventually end up in.

Once a distribution representative has decided that a profile is ready for production use, it will be added to the distribution's main packaging. The profile in the repository will then be replaced with a text file describing where the profile has been moved to, and the procedure to file bugs against it.

See the README file for more information.

Example Profiles

The AppArmor user space tools contain some generic example profiles. These have not been customized for individual distributions, and are just for example purposes.

How to get the Development AppArmor profiles

The development AppArmor profiles are in a Bazaar repository. Once you've installed your distro's Bazaar package, you can download them with the following command:

 git clone git://git.launchpad.net/apparmor-profiles

Locate the subdirectory that matches your distribution and version, and look inside for various profiles that are currently in development. You may use a profile by copying it to /etc/apparmor.d, and restarting AppArmor:

 /etc/init.d/apparmor restart
 restart apparmor                #if upstart is being used, with initscripts that have been fully updated to support upstart

How to create or modify AppArmor profiles

See the following wiki pages:

How to contribute AppArmor profiles

Patches and new profiles can be contributed by posting them to the mailing list for review. Please see the CommitPolicy and Versioning before sending patches.

If you are a launchpad user, or wish to join launchpad, launchpad allows creating custom branches of the apparmor-profiles repository and you can submit merge requests from your own custom branch (see Using Launchpad with AppArmor)