|From:||John Johansen <email@example.com>|
|Subject:||[AppArmor 00/12] AppArmor security module|
|Date:||Tue, 22 Sep 2009 12:40:01 -0700|
|Cc:||John Johansen <firstname.lastname@example.org>|
This is the beginning of submitting AppArmor upstream again. The introduction and documentation is a wip, but the code is now at point where review and comment, would be greatly appreciated. The AppArmor security module has been rewritten to use the security_path hooks instead of the previous vfs approach. The current implementation is aimed at being as semantically close to previous versions of AppArmor as possible while using the existing LSM infrastructure. This version of AppArmor is a wip and is roughly equivalent to previous versions with better control of exec transitions. Development is on going and improvements to file, capability, network, resource usage and ipc mediation are planned. In brief AppArmor is a security module that uses a white list to determine permissions. It provides rules for file, capability, and network mediation. With its file mediation using path name based pattern matching. Though it is possible to confine an entire system, AppArmor by design allows for application based mediation where only a subset of a running system is confined. AppArmor allows for rules that black list permissions, but these rules are used to annotate known items that will be encountered and should be rejected. AppArmor's base unit of confinement is a profile, which defines the access permissions for tasks it is attached to. Profiles are grouped in to profile namespaces, and must have a unique name within the namespace. Profile names provide context for when a profile should be used and may determine the attachment of a profile to an application. If a profile name begins with a / character its name is considered to be a path name and it may be matched against executable names to determine attachment. Profile names that do not begin with a / character are not considered during automatic profile attachment. Profile names that begin with / characters can contain AppArmor pattern matching and may match against multiple executables. If multiple profiles match an executable then the profile with the longest left exact match wins. If the winner can not be determined execution of the task will fail. Profile names that begin with / characters are consider for attachment when an unconfined application calls exec, or when a confined application uses a exec rules specifying that such a match should be done (px, cx). They may also be attached using the change_profile, or change_hat directives. Profile's names that don't begin with a / character are only attached when they are specified by a profile exec transition, or through using that change_profile, change_hat directives. Further documentation can be found at AppArmor documentation can currently be found at http://developer.novell.com/wiki/index.php/Apparmor The AppArmor git tree can be found at git://kernel.ubuntu.com/jj/apparmor-mainline John Johansen (12): AppArmor misc. base functions and defines AppArmor basic auditing infrastructure. AppArmor contexts used in attaching policy to system objects AppArmor core policy routines AppArmor dfa match engine AppArmor policy routines for loading and unpacking policy AppArmor userspace interfaces AppArmor file enforcement routines AppArmor mediation of non file objects AppArmor domain functions for domain transition AppArmor LSM interface, and security module initialization Enable configuring and building of AppArmor security module include/linux/audit.h | 10 +- security/Kconfig | 1 + security/Makefile | 2 + security/apparmor/Kconfig | 62 ++ security/apparmor/Makefile | 25 + security/apparmor/apparmorfs-24.c | 184 +++++ security/apparmor/apparmorfs.c | 245 ++++++ security/apparmor/audit.c | 159 ++++ security/apparmor/capability.c | 122 +++ security/apparmor/context.c | 227 ++++++ security/apparmor/domain.c | 646 ++++++++++++++++ security/apparmor/file.c | 423 +++++++++++ security/apparmor/include/apparmor.h | 65 ++ security/apparmor/include/apparmorfs.h | 30 + security/apparmor/include/audit.h | 59 ++ security/apparmor/include/capability.h | 45 ++ security/apparmor/include/context.h | 153 ++++ security/apparmor/include/domain.h | 37 + security/apparmor/include/file.h | 229 ++++++ security/apparmor/include/ipc.h | 28 + security/apparmor/include/match.h | 105 +++ security/apparmor/include/net.h | 40 + security/apparmor/include/path.h | 24 + security/apparmor/include/policy.h | 303 ++++++++ security/apparmor/include/policy_interface.h | 22 + security/apparmor/include/procattr.h | 26 + security/apparmor/include/resource.h | 46 ++ security/apparmor/include/sid.h | 46 ++ security/apparmor/ipc.c | 106 +++ security/apparmor/lib.c | 100 +++ security/apparmor/lsm.c | 1029 ++++++++++++++++++++++++++ security/apparmor/match.c | 290 ++++++++ security/apparmor/net.c | 145 ++++ security/apparmor/path.c | 153 ++++ security/apparmor/policy.c | 672 +++++++++++++++++ security/apparmor/policy_interface.c | 855 +++++++++++++++++++++ security/apparmor/procattr.c | 116 +++ security/apparmor/resource.c | 104 +++ security/apparmor/sid.c | 113 +++ 39 files changed, 7046 insertions(+), 1 deletions(-) create mode 100644 security/apparmor/Kconfig create mode 100644 security/apparmor/Makefile create mode 100644 security/apparmor/apparmorfs-24.c create mode 100644 security/apparmor/apparmorfs.c create mode 100644 security/apparmor/audit.c create mode 100644 security/apparmor/capability.c create mode 100644 security/apparmor/context.c create mode 100644 security/apparmor/domain.c create mode 100644 security/apparmor/file.c create mode 100644 security/apparmor/include/apparmor.h create mode 100644 security/apparmor/include/apparmorfs.h create mode 100644 security/apparmor/include/audit.h create mode 100644 security/apparmor/include/capability.h create mode 100644 security/apparmor/include/context.h create mode 100644 security/apparmor/include/domain.h create mode 100644 security/apparmor/include/file.h create mode 100644 security/apparmor/include/ipc.h create mode 100644 security/apparmor/include/match.h create mode 100644 security/apparmor/include/net.h create mode 100644 security/apparmor/include/path.h create mode 100644 security/apparmor/include/policy.h create mode 100644 security/apparmor/include/policy_interface.h create mode 100644 security/apparmor/include/procattr.h create mode 100644 security/apparmor/include/resource.h create mode 100644 security/apparmor/include/sid.h create mode 100644 security/apparmor/ipc.c create mode 100644 security/apparmor/lib.c create mode 100644 security/apparmor/lsm.c create mode 100644 security/apparmor/match.c create mode 100644 security/apparmor/net.c create mode 100644 security/apparmor/path.c create mode 100644 security/apparmor/policy.c create mode 100644 security/apparmor/policy_interface.c create mode 100644 security/apparmor/procattr.c create mode 100644 security/apparmor/resource.c create mode 100644 security/apparmor/sid.c -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to email@example.com More majordomo info at http://vger.kernel.org/majordomo-info.html
Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds