mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-24 14:06:47 +01:00
Change ... to etc
This commit is contained in:
parent
7a7479906a
commit
129f044ce7
1 changed files with 1 additions and 1 deletions
|
@ -8,7 +8,7 @@ There are over 50000 Linux packages and even more applications. It is simply not
|
||||||
|
|
||||||
**What to confine and why?**
|
**What to confine and why?**
|
||||||
|
|
||||||
We take inspiration from the [Android/ChromeOS Security Model](https://arxiv.org/pdf/1904.05572v2.pdf), and we apply it to the Linux world. Modern [Linux security distributions](https://clip-os.org/en/) usually consider an immutable core base image with a carefully selected set of applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment... Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap, toolbox...).
|
We take inspiration from the [Android/ChromeOS Security Model](https://arxiv.org/pdf/1904.05572v2.pdf), and we apply it to the Linux world. Modern [Linux security distributions](https://clip-os.org/en/) usually consider an immutable core base image with a carefully selected set of applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment, etc. Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap, toolbox, etc).
|
||||||
|
|
||||||
This is fundamentally different from how AppArmor is usually used on Linux servers as it is common to only confine the applications that face the internet and/or the users.
|
This is fundamentally different from how AppArmor is usually used on Linux servers as it is common to only confine the applications that face the internet and/or the users.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue