From a2dc24f61d93c47ac3f53cebeda599d8161fcc2d Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 9 May 2021 15:08:26 +0100 Subject: [PATCH] Better goals description. --- README.md | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 8fda6acf..3253ca8c 100644 --- a/README.md +++ b/README.md @@ -1,30 +1,23 @@ [][project] -# apparmor.d +# apparmor.d [![][build]][project] -[![][build]][project] - -**Full set of apparmor profiles** +**Full set of AppArmor profiles** > Warning: This project is still in early development. ## Description -A set of over 800 apparmor profiles which aims is to confine most of Linux base -applications and processes. +A set of over 800 AppArmor profiles which aims is to confine most of Linux base applications and processes. **Goals & Purpose** -- All distribution that support Apparmor (currenlty Archlinux and Debian), +- Support all distribution that support AppArmor (currenlty Archlinux and Debian), - Target both desktop and server, -- Confine all root services (bluetooth, dbus, polkit, networkmanager...), +- Confine all root processes (bluetooth, dbus, polkit, networkmanager, systemd...), - Confine all Desktop environments (currently only Gnome), -- Fully tested (Work in progress), - Should not break a normal usage of the confined software. - -These profiles strive to be fully functional with zero audit log warnings under -proper behavior. Functionality is not ignored. If functionality is not -explicitly blocked, then it's probably a bug in the profile and should be fixed. +- Fully tested (Work in progress), **Note:** This work is part of a bigger linux security project. @@ -32,6 +25,15 @@ explicitly blocked, then it's probably a bug in the profile and should be fixed. to extend it to more Linux distributions and desktop environements. +## Concepts + +There are over 50000 Linux packages and even more applications. It is simply not possible to write an AppArmor profile for all of them. Therefore a question arises: *What to confine and why?* + +We take inspiration from the [Android/ChromeOS Security Model][android_model] and we apply it to the Linux world. Modern [linux security implementation][clipos] usually consider a core base image with a carefully set of selected applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment... Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap...). + +This is fundamentally different from how AppArmor is used on Linux server as it is common to only confine the applications that face the internet and/or the users. + + ## Tests A full test suite to ensure compatibility across distributions and softwares is @@ -42,7 +44,8 @@ still a work in progress. **Requirements** * An `apparmor` based linux distribution. * A `systemd` based linux distribution. -* Base profiles and abstraction shipped with apparmor are supposed to be installed. +* Base profiles and abstractions shipped with AppArmor are supposed to be + installed. **Archlinux** @@ -65,8 +68,7 @@ Feedbacks, contributors, pull requests, are all very welcome. ## License -This program is based on Mikhail Morfikov's [apparmor profiles project][upstream] -and thus has the same license (GPL2). +This program is based on Mikhail Morfikov's [apparmor profiles project][upstream] and thus has the same license (GPL2). ``` Copyright (C) Alexandre PUJOL & Mikhail Morfikov @@ -88,3 +90,6 @@ with this program; if not, write to the Free Software Foundation, Inc., [upstream]: https://gitlab.com/morfikov/apparmemall [project]: https://gitlab.com/roddhjav/apparmor.d [build]: https://gitlab.com/roddhjav/apparmor.d/badges/master/pipeline.svg?style=flat-square + +[android_model]: https://arxiv.org/pdf/1904.05572 +[clipos]: https://clip-os.org/en/