summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2010-07-29 14:48:09 -0700
committerJames Morris <jmorris@namei.org>2010-08-02 15:35:15 +1000
commitc1c124e91e7c6d5a600c98f6fb5b443c403a14f4 (patch)
tree58a4cf515dbd4fc4ea9e132fb2c5427d87408e3d /Documentation
parent898127c34ec03291c86f4ff3856d79e9e18952bc (diff)
downloadlinux-3.10-c1c124e91e7c6d5a600c98f6fb5b443c403a14f4.tar.gz
linux-3.10-c1c124e91e7c6d5a600c98f6fb5b443c403a14f4.tar.bz2
linux-3.10-c1c124e91e7c6d5a600c98f6fb5b443c403a14f4.zip
AppArmor: update Maintainer and Documentation
Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/apparmor.txt39
-rw-r--r--Documentation/kernel-parameters.txt8
2 files changed, 47 insertions, 0 deletions
diff --git a/Documentation/apparmor.txt b/Documentation/apparmor.txt
new file mode 100644
index 00000000000..93c1fd7d063
--- /dev/null
+++ b/Documentation/apparmor.txt
@@ -0,0 +1,39 @@
+--- What is AppArmor? ---
+
+AppArmor is MAC style security extension for the Linux kernel. It implements
+a task centered policy, with task "profiles" being created and loaded
+from user space. Tasks on the system that do not have a profile defined for
+them run in an unconfined state which is equivalent to standard Linux DAC
+permissions.
+
+--- How to enable/disable ---
+
+set CONFIG_SECURITY_APPARMOR=y
+
+If AppArmor should be selected as the default security module then
+ set CONFIG_DEFAULT_SECURITY="apparmor"
+ and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+
+Build the kernel
+
+If AppArmor is not the default security module it can be enabled by passing
+security=apparmor on the kernel's command line.
+
+If AppArmor is the default security module it can be disabled by passing
+apparmor=0, security=XXXX (where XXX is valid security module), on the
+kernel's command line
+
+For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
+policy must be loaded into the kernel from user space (see the Documentation
+and tools links).
+
+--- Documentation ---
+
+Documentation can be found on the wiki.
+
+--- Links ---
+
+Mailing List - apparmor@lists.ubuntu.com
+Wiki - http://apparmor.wiki.kernel.org/
+User space tools - https://launchpad.net/apparmor
+Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 2b2407d9a6d..b61f89fa01c 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -93,6 +93,7 @@ parameter is applicable:
Documentation/scsi/.
SECURITY Different security models are enabled.
SELINUX SELinux support is enabled.
+ APPARMOR AppArmor support is enabled.
SERIAL Serial support is enabled.
SH SuperH architecture is enabled.
SMP The kernel is an SMP kernel.
@@ -2312,6 +2313,13 @@ and is between 256 and 4096 characters. It is defined in the file
If enabled at boot time, /selinux/disable can be used
later to disable prior to initial policy load.
+ apparmor= [APPARMOR] Disable or enable AppArmor at boot time
+ Format: { "0" | "1" }
+ See security/apparmor/Kconfig help text
+ 0 -- disable.
+ 1 -- enable.
+ Default value is set via kernel config option.
+
serialnumber [BUGS=X86-32]
shapers= [NET]