doc: ReSTify apparmor.txt (26fccd9e) · Commits · e / devices / android_kernel_fairphone_FP4

Documentation/security/apparmor.txt→Documentation/admin-guide/LSM/apparmor.rst

+24 −12

Original line number	Diff line number	Diff line
		--- What is AppArmor? ---
		========
		AppArmor
		========

		What is AppArmor?
		=================

		AppArmor is MAC style security extension for the Linux kernel. It implements
		a task centered policy, with task "profiles" being created and loaded
		@@ -6,34 +11,41 @@ from user space. Tasks on the system that do not have a profile defined for
		them run in an unconfined state which is equivalent to standard Linux DAC
		permissions.

		--- How to enable/disable ---
		How to enable/disable
		=====================

		set ``CONFIG_SECURITY_APPARMOR=y``

		set CONFIG_SECURITY_APPARMOR=y
		If AppArmor should be selected as the default security module then set::

		If AppArmor should be selected as the default security module then
		set CONFIG_DEFAULT_SECURITY="apparmor"
		and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
		CONFIG_DEFAULT_SECURITY="apparmor"
		CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1

		Build the kernel

		If AppArmor is not the default security module it can be enabled by passing
		security=apparmor on the kernel's command line.
		``security=apparmor`` on the kernel's command line.

		If AppArmor is the default security module it can be disabled by passing
		apparmor=0, security=XXXX (where XXX is valid security module), on the
		kernel's command line
		``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the
		kernel's command line.

		For AppArmor to enforce any restrictions beyond standard Linux DAC permissions
		policy must be loaded into the kernel from user space (see the Documentation
		and tools links).

		--- Documentation ---
		Documentation
		=============

		Documentation can be found on the wiki.
		Documentation can be found on the wiki, linked below.

		--- Links ---
		Links
		=====

		Mailing List - apparmor@lists.ubuntu.com

		Wiki - http://apparmor.wiki.kernel.org/

		User space tools - https://launchpad.net/apparmor

		Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git

Documentation/admin-guide/LSM/index.rst

+1 −0

Original line number	Diff line number	Diff line
		@@ -33,4 +33,5 @@ the one "major" module (e.g. SELinux) if there is one configured.
		.. toctree::
		:maxdepth: 1

		apparmor
		SELinux

Documentation/security/00-INDEX

+0 −2

Original line number	Diff line number	Diff line
		@@ -4,8 +4,6 @@ Smack.txt
		- documentation on the Smack Linux Security Module.
		Yama.txt
		- documentation on the Yama Linux Security Module.
		apparmor.txt
		- documentation on the AppArmor security extension.
		keys-ecryptfs.txt
		- description of the encryption keys for the ecryptfs filesystem.
		keys-request-key.txt

MAINTAINERS

+1 −0

Original line number	Diff line number	Diff line
		@@ -11560,6 +11560,7 @@ W: apparmor.wiki.kernel.org
		T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
		S: Supported
		F: security/apparmor/
		F: Documentation/admin-guide/LSM/apparmor.rst

		LOADPIN SECURITY MODULE
		M: Kees Cook <keescook@chromium.org>

security/apparmor/match.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -226,7 +226,7 @@ void aa_dfa_free_kref(struct kref *kref)
		* @flags: flags controlling what type of accept tables are acceptable
		*
		* Unpack a dfa that has been serialized. To find information on the dfa
		* format look in Documentation/security/apparmor.txt
		* format look in Documentation/admin-guide/LSM/apparmor.rst
		* Assumes the dfa @blob stream has been aligned on a 8 byte boundary
		*
		* Returns: an unpacked dfa ready for matching or ERR_PTR on failure