AppArmor

Original author(s) Immunix
Developer(s) Originally by Immunix (1998-2005), then by SUSE as part of Novell (2005-2009), and currently by Canonical Ltd (since 2009).
Initial release 1998; 25 years ago (1998)
Stable release 3.1.5 [1] / 9 June 2023; 2 months ago (9 June 2023)
Repository gitlab.com/apparmor
Written in C, Python, C++, sh [2]
Operating system Linux
Type Security, Linux Security Modules (LSM)
License GNU General Public License
Website apparmor.net

AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been partially included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.

Details

In addition to manually creating profiles, AppArmor includes a learning mode, in which profile violations are logged, but not prevented. This log can then be used for generating an AppArmor profile, based on the program's typical behavior.
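The learning-mode workflow described above, as an added example that is not part of the original article or of the AppArmor tools: it reads audit records, keeps only the logged-but-permitted events (`apparmor="ALLOWED"`), and groups them into draft profile rules. The sample records, the profile name `/usr/bin/example` and the function names are constructed for illustration; folding the log's create/delete masks into `w` is a simplification made here.

```python
import re
from collections import defaultdict

# Constructed sample audit records (illustrative, not captured from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:201): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/etc/example.conf" pid=4242 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.202:202): apparmor="ALLOWED" operation="mknod" profile="/usr/bin/example" name="/var/log/example.log" pid=4242 comm="example" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.303:203): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/var/log/example.log" pid=4242 comm="example" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.404:204): apparmor="ALLOWED" operation="capable" profile="/usr/bin/example" pid=4242 comm="example" capability=12 capname="net_admin"
type=AVC msg=audit(1700000000.505:205): apparmor="DENIED" operation="open" profile="/usr/bin/other" name="/etc/shadow" pid=4300 comm="other" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption of this example: log-only masks c (create) and d (delete) fold into "w".
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w", "k": "k", "l": "l", "m": "m"}
PERM_ORDER = "rwaklm"


def parse_record(line):
    """Return the key=value fields of one audit record as a dict."""
    return {key: quoted if quoted else bare for key, quoted, bare in FIELD.findall(line)}


def draft_rules(log_text):
    """Collect learning-mode ("ALLOWED") events into draft rules per profile."""
    files = defaultdict(lambda: defaultdict(set))  # profile -> path -> permissions
    caps = defaultdict(set)                        # profile -> capability names
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "ALLOWED":       # enforced denials are not learning data
            continue
        profile = rec["profile"]
        if rec.get("operation") == "capable":
            caps[profile].add(rec["capname"])
        elif "name" in rec:
            for ch in rec.get("denied_mask", ""):
                if ch in MASK_TO_PERM:             # exec ("x") needs a manual transition choice
                    files[profile][rec["name"]].add(MASK_TO_PERM[ch])
    drafts = {}
    for profile in sorted(set(files) | set(caps)):
        rules = [f"capability {cap}," for cap in sorted(caps[profile])]
        for path in sorted(files[profile]):
            granted = files[profile][path]
            perms = "".join(p for p in PERM_ORDER if p in granted and not (p == "a" and "w" in granted))
            rules.append(f"{path} {perms},")
        drafts[profile] = rules
    return drafts
```

The draft is a starting point for review: every rule it emits reflects behaviour that was observed while the profile was not enforcing, so anything unexpected in the list deserves a look before the profile is switched to enforcement.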

AppArmor is implemented using the Linux Security Modules (LSM) kernel interface.

AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain. [3] Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux. [4] They also claim that AppArmor requires fewer modifications to work with existing systems. [citation needed] For example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-agnostic.

Other systems

AppArmor represents one of several possible approaches to the problem of restricting the actions that installed software may take.

The SELinux system generally takes an approach similar to AppArmor. One important difference: SELinux identifies file system objects by inode number instead of path. Under AppArmor an inaccessible file may become accessible if a hard link to it is created. This difference may be less important than it once was, as Ubuntu 10.10 and later mitigate this with a security module called Yama, which is also used in other distributions. [5] SELinux's inode-based model has always inherently denied access through newly created hard links because the hard link would be pointing to an inaccessible inode.
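An audit for the path-versus-inode difference described above, as an added example that is not part of the original article: it walks a directory tree, groups regular files by inode, and reports any inode that is reachable through both a path the rules allow and a path they do not. The glob matcher is a toy stand-in for profile path rules (it does not reproduce AppArmor's matching semantics), and the directory and function names are constructed for illustration.

```python
import fnmatch
import os
import stat
import tempfile
from collections import defaultdict


def path_allowed(rel_path, allow_globs):
    """Toy path rule check: True if any glob matches (stand-in for profile rules)."""
    return any(fnmatch.fnmatchcase(rel_path, glob) for glob in allow_globs)


def find_link_conflicts(root, allow_globs):
    """Return groups of paths that share one inode but get different path decisions."""
    by_inode = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            # Only regular files with more than one link can be aliased this way.
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                by_inode[(st.st_dev, st.st_ino)].append(full)
    conflicts = []
    for paths in by_inode.values():
        decisions = {path_allowed(os.path.relpath(p, root), allow_globs) for p in paths}
        if len(decisions) > 1:  # the same data is both allowed and not allowed
            conflicts.append(sorted(paths))
    return sorted(conflicts)


def demo():
    """Build a constructed tree containing one hard link and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "private"))
        os.makedirs(os.path.join(root, "shared"))
        target = os.path.join(root, "private", "data.txt")
        with open(target, "w") as fh:
            fh.write("constructed sample\n")
        os.link(target, os.path.join(root, "shared", "alias.txt"))
        found = find_link_conflicts(root, ["shared/*"])
        return [[os.path.relpath(p, root) for p in group] for group in found]


if __name__ == "__main__":
    print(demo())
```

An inode-based check has nothing to report here, because both names resolve to the same object and receive the same decision.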

SELinux and AppArmor also differ significantly in how they are administered and how they integrate into the system.

Isolation of processes can also be accomplished by mechanisms like virtualization; the One Laptop per Child (OLPC) project, for example, sandboxes individual applications in lightweight Vserver.

In 2007, the Simplified Mandatory Access Control Kernel was introduced.

In 2009, a new solution called Tomoyo was included in Linux 2.6.30; like AppArmor, it also uses path-based access control.

Availability

AppArmor was first used in Immunix Linux 1998–2003. At the time, AppArmor was known as SubDomain, [6] [7] a reference to the ability for a security profile for a specific program to be segmented into different domains, which the program can switch between dynamically. AppArmor was first made available in SLES and openSUSE and was first enabled by default in SLES 10 and in openSUSE 10.1.

In May 2005, Novell acquired Immunix, rebranded SubDomain as AppArmor, and began cleaning up and rewriting the code for inclusion in the Linux kernel. [8] From 2005 to September 2007, AppArmor was maintained by Novell. Novell was taken over by SUSE, which is now the legal owner of the trademarked name AppArmor. [9]

AppArmor was first successfully ported/packaged for Ubuntu in April 2007. AppArmor became a default package starting in Ubuntu 7.10, and came as a part of the release of Ubuntu 8.04, protecting only CUPS by default. As of Ubuntu 9.04 more items such as MySQL have installed profiles. AppArmor hardening continued to improve in Ubuntu 9.10 as it ships with profiles for its guest session, libvirt virtual machines, the Evince document viewer, and an optional Firefox profile. [10]

AppArmor was integrated into the 2.6.36 kernel release in October 2010. [11] [12] [13] [14]

AppArmor has been integrated into Synology's DSM since 5.1 Beta in 2014. [15]

AppArmor was enabled in Solus Release 3 on 2017/8/15. [16]

AppArmor is enabled by default in Debian 10 (Buster), released in July 2019. [17]

AppArmor is available in the extra repository of Arch Linux. [18]


References

  1. "Release_Notes_3.1.5".
  2. The AppArmor: Application Armor Open Source Project on Open Hub: Languages Page
  3. Mayank Sharma (2006-12-11). "SELinux: Comprehensive security at the price of usability". Retrieved 2023-06-11.
  4. Ralf Spenneberg (August 2006). "Protective armor: Shutting out intruders with AppArmor". Linux Magazine. Archived from the original on 21 August 2008. Retrieved 2008-08-02.
  5. "Security/Features - Ubuntu Wiki". wiki.ubuntu.com. Retrieved 2020-07-19.
  6. Vincent Danen (2001-12-17). "Immunix System 7: Linux security with a hard hat (not a Red Hat)". Archived from the original on May 23, 2012.
  7. WireX Communications, Inc. (2000-11-15). "Immunix.org: The Source for Secure Linux Components and Platforms". Archived from the original on 2001-02-03.
  8. "AppArmor_History · Wiki · AppArmor / apparmor".
  9. U.S. Trademark 78,876,817
  10. "SecurityTeam/KnowledgeBase/AppArmorProfiles – Ubuntu Wiki". Retrieved 9 January 2011.
  11. James Corbet (2010-10-20). "The 2.6.36 kernel is out".
  12. Linus Torvalds (2010-10-20). "Change Log". Archived from the original on 2011-09-04.
  13. "Linux 2.6.36". 2010-10-20.
  14. Sean Michael Kerner (2010-10-20). "Linux Kernel 2.6.36 Gets AppArmor". Archived from the original on 2018-02-03. Retrieved 2010-10-21.
  15. "Release Notes for DSM 5.1 Beta Program". [permanent dead link]
  16. "Solus 3 Linux Distribution Released For Enthusiasts".
  17. "New in Buster".
  18. "Arch Linux - apparmor pkgver-pkgrel (x86_64)".