mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-24 14:06:47 +01:00
20 lines
1.4 KiB
Text
------------
Introduction
------------

This repository contains various AppArmor profiles whose aim is to confine Linux applications. This
work started a few years ago, but some of the profiles should still be considered experimental,
though most of them work well, at least on my system (Xserver/Openbox setup). Whether any of the
profiles will work on your Linux system depends. Basically, the software you use matters a lot; for
instance, major desktop environments (KDE/GNOME) are known to cause trouble, and additional rules
will probably be required to make an app work under such a DE. Many profiles are probably also
missing some rules because I'm not able to check and test every app in every detail -- it
simply takes a lot of time.

The profile rules basically try to map the files that a certain application wants to use. Not all of
the files are required for an app to work, and in some cases giving access to certain files can
be dangerous for both security and privacy. I'm making the file maps just to know how an app works
(what files it tries to use), and whether (or not) it takes some suspicious actions by trying to
read or write exotic locations. With AppArmor it is clear what apps are trying to do in the
system. When you know what files are used, you can try to deny those you think can be blocked,
and at some point you get stricter profiles which provide better security and privacy, but
of course it will take time.
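
The file-mapping workflow described above, as an added example that is not part of this repository: it parses AppArmor audit records of the kind logged in complain mode, builds a per-profile file map, and lists deny rules for paths outside the locations a reviewer expects. The profile name "example-app", the sample records, the expected prefixes and all function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed audit records for a hypothetical profile "example-app" (not from a real system).
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:201): apparmor="ALLOWED" operation="open" profile="example-app" name="/usr/share/example-app/ui.xml" pid=4242 comm="example-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.150:202): apparmor="ALLOWED" operation="mknod" profile="example-app" name="/home/user/.config/example-app/state" pid=4242 comm="example-app" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.190:203): apparmor="ALLOWED" operation="open" profile="example-app" name="/home/user/.ssh/id_ed25519" pid=4242 comm="example-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.230:204): apparmor="ALLOWED" operation="open" profile="example-app" name=2F686F6D652F757365722F4D7920446F63732F6E6F7465732E747874 pid=4242 comm="example-app" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
TO_RULE_PERM = {"c": "w", "d": "w"}  # create/delete in logs are covered by "w" in rules

def parse_record(line):
    """Return the key=value fields of one AppArmor audit record, or None if it is not one."""
    rec = {}
    for key, quoted, bare in FIELD.findall(line):
        rec[key] = quoted or bare
        if key == "name" and bare:  # unquoted name: audit hex-encodes paths with spaces etc.
            try:
                rec[key] = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass
    return rec if {"apparmor", "profile", "name"} <= rec.keys() else None

def file_map(log_text):
    """Build profile -> path -> set of rule permissions the application requested."""
    fmap = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec:
            perms = {TO_RULE_PERM.get(p, p) for p in rec.get("requested_mask", "")}
            fmap[rec["profile"]][rec["name"]] |= perms
    return fmap

def deny_candidates(fmap, profile, expected_prefixes):
    """List deny rules for paths outside the locations the reviewer expects the app to use."""
    rules = []
    for path, perms in sorted(fmap[profile].items()):
        if not path.startswith(tuple(expected_prefixes)):
            quoted = f'"{path}"' if " " in path else path
            rules.append(f"deny {quoted} {''.join(sorted(perms))},")
    return rules

if __name__ == "__main__":
    expected = ["/usr/share/example-app/", "/home/user/.config/example-app/"]
    for rule in deny_candidates(file_map(SAMPLE_LOG), "example-app", expected):
        print(rule)
```

The output is a review list, not a finished profile: each candidate still has to be tested against the application before the deny rule is kept.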