File: techdoc.toc

apparmor 4.1.0-1
% Table-of-contents data for the AppArmor technical documentation (techdoc).
% A .toc file is normally regenerated by LaTeX on each run, so manual edits
% here are lost; change headings in the document source instead.
%
% Entry format: \contentsline {level}{\numberline {number}title}{page}{anchor}
%   level  - sectioning level of the entry (section or subsection in this file)
%   number - printed section number, followed by the heading text
%   page   - page the heading was placed on in the run that wrote this file
%   anchor - link target name (the four-argument form is what hyperref writes)
% The trailing % on each entry comments out the end of the line.

% Sections 1-2: introduction and overview.
\contentsline {section}{\numberline {1}Introduction}{2}{section.1}%
\contentsline {section}{\numberline {2}Overview}{2}{section.2}%
% Section 3: the AppArmor security model and its subsections (3.1-3.20).
\contentsline {section}{\numberline {3}The AppArmor Security Model}{3}{section.3}%
\contentsline {subsection}{\numberline {3.1}Symbolic Links}{3}{subsection.3.1}%
\contentsline {subsection}{\numberline {3.2}Namespaces}{4}{subsection.3.2}%
\contentsline {subsection}{\numberline {3.3}Disconnected Files and Pseudo File Systems}{4}{subsection.3.3}%
\contentsline {subsection}{\numberline {3.4}Mount}{5}{subsection.3.4}%
\contentsline {subsection}{\numberline {3.5}The Kernel NFS Daemon}{5}{subsection.3.5}%
\contentsline {subsection}{\numberline {3.6}Why are the computed pathnames meaningful?}{5}{subsection.3.6}%
\contentsline {subsection}{\numberline {3.7}Path Permission Checking}{6}{subsection.3.7}%
\contentsline {subsection}{\numberline {3.8}Profile Permissions}{7}{subsection.3.8}%
\contentsline {subsection}{\numberline {3.9}System Calls Taking File Handles, At System Calls}{8}{subsection.3.9}%
\contentsline {subsection}{\numberline {3.10}File Descriptor Passing and Revalidation}{8}{subsection.3.10}%
\contentsline {subsection}{\numberline {3.11}Deleted Files}{8}{subsection.3.11}%
\contentsline {subsection}{\numberline {3.12}The access System Call}{9}{subsection.3.12}%
\contentsline {subsection}{\numberline {3.13}The ptrace System Call}{9}{subsection.3.13}%
\contentsline {subsection}{\numberline {3.14}Secure Execution}{9}{subsection.3.14}%
\contentsline {subsection}{\numberline {3.15}Exec Mode Merging in Profiles, Exact Matches}{10}{subsection.3.15}%
\contentsline {subsection}{\numberline {3.16}Capabilities}{10}{subsection.3.16}%
\contentsline {subsection}{\numberline {3.17}The sysctl System Call and /proc/sys}{10}{subsection.3.17}%
\contentsline {subsection}{\numberline {3.18}Subprofiles aka. Hats}{10}{subsection.3.18}%
\contentsline {subsection}{\numberline {3.19}Association of Profiles with Processes}{11}{subsection.3.19}%
\contentsline {subsection}{\numberline {3.20}Profile Loading, Replacement, and Removal}{11}{subsection.3.20}%
% Section 4: the walk-through and its subsections (4.1-4.6).
\contentsline {section}{\numberline {4}AppArmor Walk-Through}{12}{section.4}%
\contentsline {subsection}{\numberline {4.1}Kernel Patches and Configuration}{12}{subsection.4.1}%
\contentsline {subsection}{\numberline {4.2}The securityfs file system}{13}{subsection.4.2}%
\contentsline {subsection}{\numberline {4.3}Profile Loading}{13}{subsection.4.3}%
\contentsline {subsection}{\numberline {4.4}Anatomy of a Profile}{13}{subsection.4.4}%
\contentsline {subsection}{\numberline {4.5}Logging}{15}{subsection.4.5}%
\contentsline {subsection}{\numberline {4.6}Generating Profiles By Hand}{15}{subsection.4.6}%