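This is the second post in the blog series for the AppArmor-GUI project of the CSDN Open Source Summer Camp, and also the first post in a series on learning and understanding AppArmor. The goal this time is to understand AppArmor's basic concepts and build a basic picture of it; the specific details are out of scope for this post.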
AppArmor
Below is the introduction to AppArmor from the Ubuntu Wiki:
AppArmor is a Mandatory Access Control (MAC) system which is a kernel (LSM) enhancement
to confine programs to a limited set of resources. AppArmor's security model is to bind
access control attributes to programs rather than to users. AppArmor confinement is
provided via profiles loaded into the kernel, typically on boot. AppArmor profiles can
be in one of two modes: enforcement and complain. Profiles loaded in enforcement mode
will result in enforcement of the policy defined in the profile as well as reporting
policy violation attempts (either via syslog or auditd). Profiles in complain mode will
not enforce policy but instead report policy violation attempts.
AppArmor differs from some other MAC systems on Linux: it is pa