€•«'Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ,/translations/zh_CN/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/zh_TW/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/it_IT/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/ja_JP/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/ko_KR/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/pt_BR/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/sp_SP/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒAppArmor”h]”hŒAppArmor”…””}”(hh¼h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhh·h²hh³ŒF/var/lib/git/docbuild/linux/Documentation/admin-guide/LSM/apparmor.rst”h´Kubh¶)”}”(hhh]”(h»)”}”(hŒWhat is AppArmor?”h]”hŒWhat is AppArmor?”…””}”(hhÎh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhhËh²hh³hÊh´KubhŒ paragraph”“”)”}”(hX7AppArmor is MAC style security extension for the Linux kernel. It implements a task centered policy, with task "profiles" being created and loaded from user space. Tasks on the system that do not have a profile defined for them run in an unconfined state which is equivalent to standard Linux DAC permissions.”h]”hX;AppArmor is MAC style security extension for the Linux kernel. It implements a task centered policy, with task “profiles†being created and loaded from user space. Tasks on the system that do not have a profile defined for them run in an unconfined state which is equivalent to standard Linux DAC permissions.”…””}”(hhÞh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´KhhËh²hubeh}”(h]”Œwhat-is-apparmor”ah ]”h"]”Œwhat is apparmor?”ah$]”h&]”uh1hµhh·h²hh³hÊh´Kubh¶)”}”(hhh]”(h»)”}”(hŒHow to enable/disable”h]”hŒHow to enable/disable”…””}”(hh÷h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhhôh²hh³hÊh´KubhÝ)”}”(hŒ"set ``CONFIG_SECURITY_APPARMOR=y``”h]”(hŒset ”…””}”(hjh²hh³Nh´NubhŒliteral”“”)”}”(hŒ``CONFIG_SECURITY_APPARMOR=y``”h]”hŒCONFIG_SECURITY_APPARMOR=y”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j hjubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´Khhôh²hubhÝ)”}”(hŒHIf AppArmor should be selected as the default security module then set::”h]”hŒGIf AppArmor should be selected as the default security module then set:”…””}”(hj#h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´Khhôh²hubhŒ literal_block”“”)”}”(hŒ"CONFIG_DEFAULT_SECURITY_APPARMOR=y”h]”hŒ"CONFIG_DEFAULT_SECURITY_APPARMOR=y”…””}”hj3sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1j1h³hÊh´Khhôh²hubhÝ)”}”(hŒ›The CONFIG_LSM parameter manages the order and selection of LSMs. Specify apparmor as the first "major" module (e.g. AppArmor, SELinux, Smack) in the list.”h]”hŒŸThe CONFIG_LSM parameter manages the order and selection of LSMs. Specify apparmor as the first “major†module (e.g. AppArmor, SELinux, Smack) in the list.”…””}”(hjCh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´Khhôh²hubhÝ)”}”(hŒBuild the kernel”h]”hŒBuild the kernel”…””}”(hjQh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´Khhôh²hubhÝ)”}”(hŒIf AppArmor is not the default security module it can be enabled by passing ``security=apparmor`` on the kernel's command line.”h]”(hŒLIf AppArmor is not the default security module it can be enabled by passing ”…””}”(hj_h²hh³Nh´Nubj)”}”(hŒ``security=apparmor``”h]”hŒsecurity=apparmor”…””}”(hjgh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j hj_ubhŒ on the kernel’s command line.”…””}”(hj_h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´Khhôh²hubhÝ)”}”(hŒ¯If AppArmor is the default security module it can be disabled by passing ``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the kernel's command line.”h]”(hŒIIf AppArmor is the default security module it can be disabled by passing ”…””}”(hjh²hh³Nh´Nubj)”}”(hŒ``apparmor=0, security=XXXX``”h]”hŒapparmor=0, security=XXXX”…””}”(hj‡h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j hjubhŒ (where ”…””}”(hjh²hh³Nh´Nubj)”}”(hŒ``XXXX``”h]”hŒXXXX”…””}”(hj™h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j hjubhŒ; is valid security module), on the kernel’s command line.”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´K hhôh²hubhÝ)”}”(hŒ­For AppArmor to enforce any restrictions beyond standard Linux DAC permissions policy must be loaded into the kernel from user space (see the Documentation and tools links).”h]”hŒ­For AppArmor to enforce any restrictions beyond standard Linux DAC permissions policy must be loaded into the kernel from user space (see the Documentation and tools links).”…””}”(hj±h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´K$hhôh²hubeh}”(h]”Œhow-to-enable-disable”ah ]”h"]”Œhow to enable/disable”ah$]”h&]”uh1hµhh·h²hh³hÊh´Kubh¶)”}”(hhh]”(h»)”}”(hŒ Documentation”h]”hŒ Documentation”…””}”(hjÊh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjÇh²hh³hÊh´K)ubhÝ)”}”(hŒ5Documentation can be found on the wiki, linked below.”h]”hŒ5Documentation can be found on the wiki, linked below.”…””}”(hjØh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´K+hjÇh²hubeh}”(h]”Œ documentation”ah ]”h"]”Œ documentation”ah$]”h&]”uh1hµhh·h²hh³hÊh´K)ubh¶)”}”(hhh]”(h»)”}”(hŒLinks”h]”hŒLinks”…””}”(hjñh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjîh²hh³hÊh´K.ubhÝ)”}”(hŒ(Mailing List - apparmor@lists.ubuntu.com”h]”(hŒMailing List - ”…””}”(hjÿh²hh³Nh´NubhŒ reference”“”)”}”(hŒapparmor@lists.ubuntu.com”h]”hŒapparmor@lists.ubuntu.com”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œ mailto:apparmor@lists.ubuntu.com”uh1jhjÿubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´K0hjîh²hubhÝ)”}”(hŒWiki - http://wiki.apparmor.net”h]”(hŒWiki - ”…””}”(hjh²hh³Nh´Nubj)”}”(hŒhttp://wiki.apparmor.net”h]”hŒhttp://wiki.apparmor.net”…””}”(hj'h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j)uh1jhjubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´K2hjîh²hubhÝ)”}”(hŒ.User space tools - https://gitlab.com/apparmor”h]”(hŒUser space tools - ”…””}”(hj<h²hh³Nh´Nubj)”}”(hŒhttps://gitlab.com/apparmor”h]”hŒhttps://gitlab.com/apparmor”…””}”(hjDh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jFuh1jhj<ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´K4hjîh²hubhÝ)”}”(hŒOKernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor”h]”hŒOKernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor”…””}”(hjYh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÜh³hÊh´K6hjîh²hubeh}”(h]”Œlinks”ah ]”h"]”Œlinks”ah$]”h&]”uh1hµhh·h²hh³hÊh´K.ubeh}”(h]”Œapparmor”ah ]”h"]”Œapparmor”ah$]”h&]”uh1hµhhh²hh³hÊh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÊuh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hºNŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jšŒerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÊŒ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jtjqhñhîjÄjÁjëjèjljiuŒ nametypes”}”(jt‰hñ‰jĉjë‰jl‰uh}”(jqh·hîhËjÁhôjèjÇjijîuŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nh²hub.