AppArmorProfiles
6185
Comment: update releases
|
5737
adjust notes since gutsy was removed
|
Deletions are marked like this. | Additions are marked like this. |
Line 25: | Line 25: |
Line 37: | Line 36: |
|| mysqld^1^ || -- || -- || -- || -- || -- || || named^2^ || -- || -- || -- || -- || -- || |
|
Line 41: | Line 38: |
|| ntpd^3^ || yes || yes || -- || -- || -- || | || ntpd^1^ || yes || yes || -- || -- || -- || |
Line 48: | Line 45: |
|| phpsysinfo^4^ || -- || -- || yes || yes || yes || 0. An enforcing profile for mysqld moved to the ```mysql-server-5.0``` package in Ubuntu 8.04 LTS 0. An enforcing profile for named moved to the ```bind9``` package in Ubuntu 8.04 LTS |
|| phpsysinfo^2^ || -- || -- || yes || yes || yes || |
AppArmor Profiles
AppArmor is installed and loaded by default starting with Ubuntu 7.10 (Gutsy). Some packages will install their own profiles (usually in enforcing mode), while additional profiles can be found in the apparmor-profiles package from the Universe repository.
Supported profiles in main
Source package/binary |
8.04 LTS |
9.04 |
9.10 |
10.04 LTS |
10.10 |
Cups (cupsd) |
yes |
yes |
yes |
yes |
yes |
OpenLDAP (slapd) |
yes |
yes |
yes |
yes |
yes |
MySQL (mysqld) |
yes |
yes |
yes |
yes |
yes |
Bind (named) |
yes |
yes |
yes |
yes |
yes |
ClamAV (clamd,freshclam) |
-- |
yes |
yes |
yes |
yes |
gdm-guest-session |
-- |
yes |
yes |
yes |
yes |
tcpdump |
-- |
yes |
yes |
yes |
yes |
ISC Dhcpd (dhcpd3) |
-- |
yes |
yes |
yes |
yes |
ISC Dhcp client (dhclient3) |
-- |
yes |
yes |
yes |
yes |
Evince |
-- |
-- |
yes |
yes |
yes |
NTP (ntpd)1 |
-- |
-- |
yes |
yes |
yes |
Firefox (firefox-3.5/firefox) |
-- |
-- |
yes2 |
yes2 |
yes2 |
Libvirt (libvirtd and kvm/qemu guests) |
-- |
-- |
yes |
yes |
yes |
Apache (apache2) |
-- |
-- |
yes2 |
yes2 |
yes2 |
A complain-mode only profile was provided in the apparmor-profiles package in Ubuntu 9.04 and earlier
- Will be disabled by default and be opt-in for advanced users
Community supported profiles
The following profiles are found in the apparmor-profiles package. These profiles usually are in complain mode and are in various stages of development, but can in general be used with some modification.
Binary |
8.04 LTS |
9.04 |
9.10 |
10.04 LTS |
10.10 |
avahi-daemon |
yes |
yes |
yes |
yes |
yes |
dnsmasq |
yes |
yes |
yes |
yes |
yes |
identd |
yes |
yes |
yes |
yes |
yes |
klogd |
yes |
yes |
yes |
yes |
yes |
mdnsd |
yes |
yes |
yes |
yes |
yes |
nmbd |
yes |
yes |
yes |
yes |
yes |
nscd |
yes |
yes |
yes |
yes |
yes |
ntpd1 |
yes |
yes |
-- |
-- |
-- |
ping |
yes |
yes |
yes |
yes |
yes |
smbd |
yes |
yes |
yes |
yes |
yes |
syslogd |
yes |
yes |
yes |
yes |
yes |
syslog-ng |
yes |
yes |
yes |
yes |
yes |
traceroute |
yes |
yes |
yes |
yes |
yes |
dovecot |
-- |
-- |
yes |
yes |
yes |
phpsysinfo2 |
-- |
-- |
yes |
yes |
yes |
An enforcing profile for ntpd moved to the ntp package in Ubuntu 9.10
- Must be used with the apache2 profile and the libapache2-mod-apparmor module
Other profiles
Profiles in active development can be found in the public Ubuntu repository. Unmaintained profiles can be found in /usr/share/doc/apparmor-profiles/extras directory of the apparmor-profiles package. Files from either location may not work at all and will likely require significant effort to run on your system.
Filing Bugs
When filing bugs against an installed apparmor profile, please see: https://wiki.ubuntu.com/DebuggingApparmor.
SecurityTeam/KnowledgeBase/AppArmorProfiles (last edited 2020-10-26 01:49:03 by alexmurray)