AppArmor

Enables the definition of per-application MAC policies.

  • Profiles.

  • Applications are identified by their path.

    • Instead of by i-node.

Profiles restrict applications’ actions to the required set.

  • All other actions will be denied.

Profiles define:

  • White-listed actions.

  • Logging actions.

Profiles

Profiles are loaded into the kernel.

  • Upon compilation from textual files.

  • apparmor_parser

Profiles can be used voluntarily.

  • aa-exec
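
An added example, not taken from the original notes: a small profile showing path-based attachment, white-listed rules and logging rules, with the load and voluntary-use commands in comments. The profile name `demo-reader` and every path under `/usr/local/bin` and `/srv/demo` are assumptions made for illustration.

```apparmor
# Constructed example profile; the name and all paths are hypothetical.
#
# Compile and load into the kernel (replaces any loaded copy):
#   apparmor_parser -r /etc/apparmor.d/demo-reader
# Voluntarily run another program under this profile:
#   aa-exec -p demo-reader -- /usr/bin/cat /srv/demo/data/a.txt

include <tunables/global>

# The application is identified by its path: the profile attaches to
# whatever is executed as /usr/local/bin/demo-reader.
profile demo-reader /usr/local/bin/demo-reader {
  include <abstractions/base>

  # White-listed actions. Anything not listed here is denied.
  /usr/local/bin/demo-reader mr,
  /usr/bin/cat mr,
  /srv/demo/data/ r,
  /srv/demo/data/** r,
  /var/log/demo-reader.log w,

  # Logging action: 'audit' records the access even though it is allowed.
  audit /srv/demo/data/reports/** r,

  # Explicit deny rules are not logged by default;
  # 'audit deny' forces a log entry for each attempt.
  audit deny /srv/demo/data/private/** rw,
}
```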
