€•µ&Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ,/translations/zh_CN/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/zh_TW/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/it_IT/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/ja_JP/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/ko_KR/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ,/translations/sp_SP/admin-guide/LSM/apparmor”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒAppArmor”h]”hŒAppArmor”…””}”(hh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒF/var/lib/git/docbuild/linux/Documentation/admin-guide/LSM/apparmor.rst”h Kubh¢)”}”(hhh]”(h§)”}”(hŒWhat is AppArmor?”h]”hŒWhat is AppArmor?”…””}”(hhºhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh·hžhhŸh¶h KubhŒ paragraph”“”)”}”(hX7AppArmor is MAC style security extension for the Linux kernel. It implements a task centered policy, with task "profiles" being created and loaded from user space. Tasks on the system that do not have a profile defined for them run in an unconfined state which is equivalent to standard Linux DAC permissions.”h]”hX;AppArmor is MAC style security extension for the Linux kernel. It implements a task centered policy, with task “profiles†being created and loaded from user space. Tasks on the system that do not have a profile defined for them run in an unconfined state which is equivalent to standard Linux DAC permissions.”…””}”(hhÊhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h Khh·hžhubeh}”(h]”Œwhat-is-apparmor”ah ]”h"]”Œwhat is apparmor?”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kubh¢)”}”(hhh]”(h§)”}”(hŒHow to enable/disable”h]”hŒHow to enable/disable”…””}”(hhãhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hhàhžhhŸh¶h KubhÉ)”}”(hŒ"set ``CONFIG_SECURITY_APPARMOR=y``”h]”(hŒset ”…””}”(hhñhžhhŸNh NubhŒliteral”“”)”}”(hŒ``CONFIG_SECURITY_APPARMOR=y``”h]”hŒCONFIG_SECURITY_APPARMOR=y”…””}”(hhûhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hùhhñubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h KhhàhžhubhÉ)”}”(hŒHIf AppArmor should be selected as the default security module then set::”h]”hŒGIf AppArmor should be selected as the default security module then set:”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h KhhàhžhubhŒ literal_block”“”)”}”(hŒ"CONFIG_DEFAULT_SECURITY_APPARMOR=y”h]”hŒ"CONFIG_DEFAULT_SECURITY_APPARMOR=y”…””}”hjsbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1jhŸh¶h KhhàhžhubhÉ)”}”(hŒ›The CONFIG_LSM parameter manages the order and selection of LSMs. Specify apparmor as the first "major" module (e.g. AppArmor, SELinux, Smack) in the list.”h]”hŒŸThe CONFIG_LSM parameter manages the order and selection of LSMs. Specify apparmor as the first “major†module (e.g. AppArmor, SELinux, Smack) in the list.”…””}”(hj/hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h KhhàhžhubhÉ)”}”(hŒBuild the kernel”h]”hŒBuild the kernel”…””}”(hj=hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h KhhàhžhubhÉ)”}”(hŒIf AppArmor is not the default security module it can be enabled by passing ``security=apparmor`` on the kernel's command line.”h]”(hŒLIf AppArmor is not the default security module it can be enabled by passing ”…””}”(hjKhžhhŸNh Nubhú)”}”(hŒ``security=apparmor``”h]”hŒsecurity=apparmor”…””}”(hjShžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hùhjKubhŒ on the kernel’s command line.”…””}”(hjKhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h KhhàhžhubhÉ)”}”(hŒ¯If AppArmor is the default security module it can be disabled by passing ``apparmor=0, security=XXXX`` (where ``XXXX`` is valid security module), on the kernel's command line.”h]”(hŒIIf AppArmor is the default security module it can be disabled by passing ”…””}”(hjkhžhhŸNh Nubhú)”}”(hŒ``apparmor=0, security=XXXX``”h]”hŒapparmor=0, security=XXXX”…””}”(hjshžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hùhjkubhŒ (where ”…””}”(hjkhžhhŸNh Nubhú)”}”(hŒ``XXXX``”h]”hŒXXXX”…””}”(hj…hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hùhjkubhŒ; is valid security module), on the kernel’s command line.”…””}”(hjkhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h K hhàhžhubhÉ)”}”(hŒ­For AppArmor to enforce any restrictions beyond standard Linux DAC permissions policy must be loaded into the kernel from user space (see the Documentation and tools links).”h]”hŒ­For AppArmor to enforce any restrictions beyond standard Linux DAC permissions policy must be loaded into the kernel from user space (see the Documentation and tools links).”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h K$hhàhžhubeh}”(h]”Œhow-to-enable-disable”ah ]”h"]”Œhow to enable/disable”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kubh¢)”}”(hhh]”(h§)”}”(hŒ Documentation”h]”hŒ Documentation”…””}”(hj¶hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj³hžhhŸh¶h K)ubhÉ)”}”(hŒ5Documentation can be found on the wiki, linked below.”h]”hŒ5Documentation can be found on the wiki, linked below.”…””}”(hjÄhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h K+hj³hžhubeh}”(h]”Œ documentation”ah ]”h"]”Œ documentation”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K)ubh¢)”}”(hhh]”(h§)”}”(hŒLinks”h]”hŒLinks”…””}”(hjÝhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjÚhžhhŸh¶h K.ubhÉ)”}”(hŒ(Mailing List - apparmor@lists.ubuntu.com”h]”(hŒMailing List - ”…””}”(hjëhžhhŸNh NubhŒ reference”“”)”}”(hŒapparmor@lists.ubuntu.com”h]”hŒapparmor@lists.ubuntu.com”…””}”(hjõhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”Œ mailto:apparmor@lists.ubuntu.com”uh1jóhjëubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h K0hjÚhžhubhÉ)”}”(hŒWiki - http://wiki.apparmor.net”h]”(hŒWiki - ”…””}”(hj hžhhŸNh Nubjô)”}”(hŒhttp://wiki.apparmor.net”h]”hŒhttp://wiki.apparmor.net”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”juh1jóhj ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h K2hjÚhžhubhÉ)”}”(hŒ.User space tools - https://gitlab.com/apparmor”h]”(hŒUser space tools - ”…””}”(hj(hžhhŸNh Nubjô)”}”(hŒhttps://gitlab.com/apparmor”h]”hŒhttps://gitlab.com/apparmor”…””}”(hj0hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j2uh1jóhj(ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h K4hjÚhžhubhÉ)”}”(hŒOKernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor”h]”hŒOKernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor”…””}”(hjEhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÈhŸh¶h K6hjÚhžhubeh}”(h]”Œlinks”ah ]”h"]”Œlinks”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K.ubeh}”(h]”Œapparmor”ah ]”h"]”Œapparmor”ah$]”h&]”uh1h¡hhhžhhŸh¶h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j†Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(j`j]hÝhÚj°j­j×jÔjXjUuŒ nametypes”}”(j`‰h݉j°‰j׉jX‰uh}”(j]h£hÚh·j­hàjÔj³jUjÚuŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.