AppArmor

Original author(s): Immunix
Developer(s): Originally by Immunix (1998-2005), then by SUSE as part of Novell (2005-2009), and currently by Canonical Ltd (since 2009).
Initial release: 1998
Stable release: 3.1.7 [1] / 2 February 2024
Repository: gitlab.com/apparmor
Written in: C, Python, C++, sh [2]
Operating system: Linux
Type: Security, Linux Security Modules (LSM)
License: GNU General Public License
Website: apparmor.net

AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been partially included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.


Details

In addition to manually creating profiles, AppArmor includes a learning mode, in which profile violations are logged, but not prevented. This log can then be used for generating an AppArmor profile, based on the program's typical behavior.
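As an added illustration of how a learning-mode log can be turned into draft profile rules (this is not AppArmor's own tooling or code from the project), the Python sketch below parses kernel audit lines and keeps only `apparmor="ALLOWED"` events, which are what a profile in learning (complain) mode records. The log lines, the profile name `/usr/bin/exampled` and its paths are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample audit lines; profile names and paths are made up.
SAMPLE_LOG = '''\
audit: type=1400 audit(1700000000.101:11): apparmor="ALLOWED" operation="open" profile="/usr/bin/exampled" name="/etc/exampled.conf" pid=4242 comm="exampled" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.202:12): apparmor="ALLOWED" operation="mknod" profile="/usr/bin/exampled" name="/var/log/exampled.log" pid=4242 comm="exampled" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.303:13): apparmor="ALLOWED" operation="open" profile="/usr/bin/exampled" name="/var/log/exampled.log" pid=4242 comm="exampled" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.404:14): apparmor="DENIED" operation="open" profile="/usr/bin/other" name="/etc/shadow" pid=5000 comm="other" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1700000000.505:15): apparmor="ALLOWED" operation="capable" profile="/usr/bin/exampled" pid=4242 comm="exampled" capability=10 capname="net_bind_service"
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log masks can carry c (create) and d (delete); profile rules express both as w.
LOG_TO_RULE = {"c": "w", "d": "w"}

def parse_event(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    fields = {k: (quoted if quoted else bare) for k, quoted, bare in KV.findall(line)}
    return fields if "apparmor" in fields else None

def draft_rules(log_text):
    """Aggregate learning-mode (ALLOWED) events into draft rules per profile."""
    files = defaultdict(lambda: defaultdict(set))
    caps = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev["apparmor"] != "ALLOWED" or "profile" not in ev:
            continue  # enforced denials and unrelated lines are not learning data
        if "capname" in ev:
            caps[ev["profile"]].add(ev["capname"])
        elif "name" in ev and "requested_mask" in ev:
            for c in ev["requested_mask"]:
                files[ev["profile"]][ev["name"]].add(LOG_TO_RULE.get(c, c))
    drafts = {}
    for prof in sorted(set(files) | set(caps)):
        rules = [f"capability {c}," for c in caps[prof]]
        for path, perms in files[prof].items():
            mode = "".join(c for c in "rwamkl" if c in perms)  # exec (x) left for manual review
            if mode:
                rules.append(f"{path} {mode},")
        drafts[prof] = sorted(rules)
    return drafts

if __name__ == "__main__":
    for prof, rules in draft_rules(SAMPLE_LOG).items():
        print(prof, *rules, sep="\n  ")
```

The output is a starting point for review, not a finished profile: rules learned from one run reflect only the behavior exercised during that run.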

AppArmor is implemented using the Linux Security Modules (LSM) kernel interface.

AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain. [3] Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux. [4] They also claim that AppArmor requires fewer modifications to work with existing systems. [citation needed] For example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-agnostic.

Other systems

AppArmor represents one of several possible approaches to the problem of restricting the actions that installed software may take.

The SELinux system generally takes an approach similar to AppArmor. One important difference: SELinux identifies file system objects by inode number instead of path. Under AppArmor an inaccessible file may become accessible if a hard link to it is created. This difference may be less important than it once was, as Ubuntu 10.10 and later mitigate this with a security module called Yama, which is also used in other distributions. [5] SELinux's inode-based model has always inherently denied access through newly created hard links because the hard link would be pointing to an inaccessible inode.
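The path-versus-inode difference described above can be seen in a simplified model (an added example, not code from AppArmor or SELinux). The two check functions are hypothetical stand-ins for a path-based and an inode-based decision, and the directory names are constructed; real AppArmor globbing and SELinux labelling are more involved than this.

```python
import fnmatch
import os
import tempfile

def path_allows(allow_globs, path):
    """Path-based model: the decision depends on the name used for the access."""
    full = os.path.abspath(path)
    return any(fnmatch.fnmatch(full, g) for g in allow_globs)

def inode_allows(allowed_inodes, path):
    """Inode-based model: the decision depends on the object the name resolves to."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino) in allowed_inodes

def demo():
    """Build a protected file plus a hard link to it and evaluate both models."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected", "data.txt")
        readme = os.path.join(root, "public", "readme.txt")
        alias = os.path.join(root, "public", "alias.txt")
        for p in (protected, readme):
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "w") as f:
                f.write("sample\n")

        # Policy written before the link exists: only public/ is permitted.
        allow_globs = [os.path.join(root, "public", "*")]
        st = os.stat(readme)
        allowed_inodes = {(st.st_dev, st.st_ino)}

        os.link(protected, alias)  # second name for the protected inode

        return {
            "same_inode": os.stat(protected).st_ino == os.stat(alias).st_ino,
            "path_model": {"protected": path_allows(allow_globs, protected),
                           "alias": path_allows(allow_globs, alias)},
            "inode_model": {"protected": inode_allows(allowed_inodes, protected),
                            "alias": inode_allows(allowed_inodes, alias)},
        }

if __name__ == "__main__":
    print(demo())
```

When reviewing a path-based policy, this is the reason writable directories covered by an allow rule deserve attention: any file that can be linked into them is judged by its new name.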

SELinux and AppArmor also differ significantly in how they are administered and how they integrate into the system.

Isolation of processes can also be accomplished by mechanisms like virtualization; the One Laptop per Child (OLPC) project, for example, sandboxes individual applications in lightweight Vserver.

In 2007, the Simplified Mandatory Access Control Kernel was introduced.

In 2009, a new solution called Tomoyo was included in Linux 2.6.30; like AppArmor, it also uses path-based access control.

Availability

AppArmor was first used in Immunix Linux 1998–2003. At the time, AppArmor was known as SubDomain, [6] [7] a reference to the ability for a security profile for a specific program to be segmented into different domains, which the program can switch between dynamically. AppArmor was first made available in SLES and openSUSE and was first enabled by default in SLES 10 and in openSUSE 10.1.

In May 2005, Novell acquired Immunix, rebranded SubDomain as AppArmor, and began cleaning up and rewriting the code for inclusion in the Linux kernel. [8] From 2005 to September 2007, AppArmor was maintained by Novell. Novell was taken over by SUSE, who are now the legal owner of the trademarked name AppArmor. [9]

AppArmor was first successfully ported/packaged for Ubuntu in April 2007. AppArmor became a default package starting in Ubuntu 7.10, and came as a part of the release of Ubuntu 8.04, protecting only CUPS by default. As of Ubuntu 9.04 more items such as MySQL have installed profiles. AppArmor hardening continued to improve in Ubuntu 9.10 as it ships with profiles for its guest session, libvirt virtual machines, the Evince document viewer, and an optional Firefox profile. [10]

AppArmor was integrated into the 2.6.36 kernel release of October 2010. [11] [12] [13] [14]

AppArmor has been integrated into Synology's DSM since 5.1 Beta in 2014. [15]

AppArmor was enabled in Solus Release 3 on 2017/8/15. [16]

AppArmor is enabled by default in Debian 10 (Buster), released in July 2019. [17]

AppArmor is available in the extra repository of Arch Linux. [18]


References

  1. "Release_Notes_3.1.7 · Wiki · AppArmor / apparmor · GitLab". 2 February 2024. Retrieved 18 March 2024.
  2. The AppArmor: Application Armor Open Source Project on Open Hub: Languages Page
  3. Mayank Sharma (2006-12-11). "SELinux: Comprehensive security at the price of usability". Retrieved 2023-06-11.
  4. Ralf Spenneberg (August 2006). "Protective armor: Shutting out intruders with AppArmor". Linux Magazine. Archived from the original on 21 August 2008. Retrieved 2008-08-02.
  5. "Security/Features - Ubuntu Wiki". wiki.ubuntu.com. Retrieved 2020-07-19.
  6. Vincent Danen (2001-12-17). "Immunix System 7: Linux security with a hard hat (not a Red Hat)". Archived from the original on May 23, 2012.
  7. WireX Communications, Inc. (2000-11-15). "Immunix.org: The Source for Secure Linux Components and Platforms". Archived from the original on 2001-02-03.
  8. "AppArmor_History · Wiki · AppArmor / apparmor".
  9. U.S. Trademark 78,876,817
  10. "SecurityTeam/KnowledgeBase/AppArmorProfiles – Ubuntu Wiki". Retrieved 9 January 2011.
  11. James Corbet (2010-10-20). "The 2.6.36 kernel is out".
  12. Linus Torvalds (2010-10-20). "Change Log". Archived from the original on 2011-09-04.
  13. "Linux 2.6.36". 2010-10-20.
  14. Sean Michael Kerner (2010-10-20). "Linux Kernel 2.6.36 Gets AppArmor". Archived from the original on 2018-02-03. Retrieved 2010-10-21.
  15. "Release Notes for DSM 5.1 Beta Program". [permanent dead link]
  16. "Solus 3 Linux Distribution Released For Enthusiasts".
  17. "New in Buster".
  18. "Arch Linux - apparmor pkgver-pkgrel (x86_64)".