AppArmor

AppArmor
Original author(s)	Immunix
Initial release	1998
Stable release	2.6.1 / Mar 24, 2011
Written in	C, Perl
Operating system	Linux
Type	Security
License	GNU General Public License
Website	http://wiki.apparmor.net/index.php/Main_Page

From Wikipedia, the free encyclopedia

Jump to: navigation, search

AppArmor ("Application Armor") is a security module for the Linux kernel, released under the GNU General Public License. AppArmor allows the system administrator to associate with each program a security profile that restricts the capabilities of that program. It supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It was included as of the 2.6.36 version of the mainline Linux kernel. Since 2009, Canonical contributes to the ongoing AppArmor development.

In addition to manually specifying profiles, AppArmor includes a learning mode, in which violations of the profile are logged, but not prevented. This log can then be turned into a profile, based on the program's typical behavior.

AppArmor is implemented using the Linux Security Modules (LSM) kernel interface.

AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain.^[1] Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux.^[2] They also claim that AppArmor requires fewer modifications to work with existing systems:^{[citation needed]} for example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-neutral.

[edit] Other systems

AppArmor represents one of several possible approaches to the problem of restricting the actions that installed software may take.

The SELinux system generally takes a similar approach to AppArmor. One important difference is that SELinux identifies file system objects by inode number instead of path. This means that, for example, a file that is inaccessible may become accessible under AppArmor when a hard link is created to it, while SELinux would deny access through the newly created hard link. On the other hand, data that is inaccessible may become accessible under SELinux when applications update the file by replacing it with a new version (a frequently used technique), while AppArmor would continue to deny access to the data. (In both cases, a default policy of "no access" avoids the problem.)^{[citation needed]}

While there has been considerable debate about which approach is better, there is as yet no strong evidence that either approach is preferable. Discussion about their relative merits often revolves around which approach is more aligned with existing Unix/Linux access control mechanisms, but Unix and Linux use a combination of path-based and inode-based access control. Note also that existing access control mechanisms remain in place with either system.^{[citation needed]}

SELinux and AppArmor also differ significantly in how they are administered and how they integrate into the system.

Isolation of processes can also be accomplished by mechanisms like virtualization; the One Laptop per Child (OLPC) project, for example, sandboxes individual applications in lightweight Vserver.

In 2007, the Simplified Mandatory Access Control Kernel was introduced.

In 2009, a new solution called Tomoyo was included in Linux 2.6.30; like AppArmor, it also uses path-based access control.

[edit] Availability

AppArmor was first used in Immunix Linux 1998-2003; at the time, AppArmor was known as SubDomain^[3]^[4], a reference to the ability for a security profile for a specific program to be segmented into different domains, which the program can switch between dynamically. AppArmor was first made available in SUSE and openSUSE, and was first enabled by default in SUSE Linux Enterprise Server 10 and in openSUSE 10.1.

From 2005 through September 2007, AppArmor was maintained by Novell.

AppArmor was first successfully ported/packaged for Ubuntu in April 2007. AppArmor comes installed by default in Ubuntu 7.10 Gutsy Gibbon, and came as a part of the release of Ubuntu 8.04, protecting only CUPS by default. As of Ubuntu 9.04 Jaunty Jackalope more items such as MySQL have installed profiles. AppArmor hardening continued to improve in Ubuntu 9.10 Karmic Koala as it ships with profiles for its guest session, libvirt virtual machines, the Evince document viewer, and an optional Firefox profile.^[5]

AppArmor was integrated into the October 2010, 2.6.36 kernel release^[6]^[7]^[8]^[9].

[edit] See also

Free software portal

Immunix, the original developers of AppArmor
Linux Intrusion Detection System (LIDS)
Security-Enhanced Linux
Systrace
Grsecurity

[edit] References

^ Mayank Sharma (2006-12-11). "Linux.com :: SELinux: Comprehensive security at the price of usability". http://www.linux.com/articles/58942.
^ Ralf Spenneberg (August 2006). "Protective armor: Shutting out intruders with AppArmor". Linux Magazine. http://www.linux-magazine.com/issues/2006/69/protective_armor. Retrieved 2008-08-02.
^ Vincent Danen (2001-12-17). "Immunix System 7: Linux security with a hard hat (not a Red Hat)". http://articles.techrepublic.com.com/5100-10878_11-1053405.html.
^ WireX Communications, Inc. (2000-11-15). "Immunix.org: The Source for Secure Linux Components and Platforms". Archived from the original on 2001-02-03. http://web.archive.org/web/20010203215300/http://www.immunix.org/.
^ "SecurityTeam/KnowledgeBase/AppArmorProfiles - Ubuntu Wiki". https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles. Retrieved 9 January 2011.
^ James Corbet (2010-10-20). "The 2.6.36 kernel is out". http://lwn.net/Articles/409810.
^ Linus Torvalds (2010-10-20). "Change Log". http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.
^ "Linux 2 6 36". 2010-10-20. http://kernelnewbies.org/Linux_2_6_36.
^ Sean Michael Kerner (2010-10-20). "Linux Kernel 2.6.36 Gets AppArmor". http://www.linuxplanet.com/linuxplanet/reports/7203/1/.

[edit] External links

AppArmor Wiki
AppArmor description from openSUSE.org
LKML thread containing comments and criticism of AppArmor
Apparmor packages for Ubuntu
Counterpoint: Novell and Red Hat security experts face off on AppArmor and SELinux
http://www.novell.com/linux/security/apparmor/

[0] Mayank Sharma (2006-12-11). "Linux.com :: SELinux: Comprehensive security at the price of usability". http://www.linux.com/articles/58942.

[1] Ralf Spenneberg (August 2006). "Protective armor: Shutting out intruders with AppArmor". Linux Magazine. http://www.linux-magazine.com/issues/2006/69/protective_armor. Retrieved 2008-08-02.

[2] Vincent Danen (2001-12-17). "Immunix System 7: Linux security with a hard hat (not a Red Hat)". http://articles.techrepublic.com.com/5100-10878_11-1053405.html.

[3] WireX Communications, Inc. (2000-11-15). "Immunix.org: The Source for Secure Linux Components and Platforms". Archived from the original on 2001-02-03. http://web.archive.org/web/20010203215300/http://www.immunix.org/.

[4] "SecurityTeam/KnowledgeBase/AppArmorProfiles - Ubuntu Wiki". https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles. Retrieved 9 January 2011.

[5] James Corbet (2010-10-20). "The 2.6.36 kernel is out". http://lwn.net/Articles/409810.

[6] Linus Torvalds (2010-10-20). "Change Log". http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.

[7] "Linux 2 6 36". 2010-10-20. http://kernelnewbies.org/Linux_2_6_36.

[8] Sean Michael Kerner (2010-10-20). "Linux Kernel 2.6.36 Gets AppArmor". http://www.linuxplanet.com/linuxplanet/reports/7203/1/.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

AppArmor

Contents

[edit] Other systems

[edit] Availability

[edit] See also

[edit] References

[edit] External links

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Interaction

Toolbox

Print/export

Languages