Other systems AppArmor







AppArmor represents one of several possible approaches to the problem of restricting the actions that installed software may take.


The SELinux system generally takes an approach similar to AppArmor. One important difference is that SELinux identifies file system objects by inode number instead of by path. This means, for example, that while a file that is inaccessible may become accessible under AppArmor when a hard link to it is created, SELinux would still deny access through the newly created hard link, since the underlying data referenced by the inode would be the same.
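The hard-link difference described above, as an added example that is not part of the original page. It is a simplified model, not AppArmor's or SELinux's actual implementation; the function names, file names and the deny sets are assumptions made for illustration, and `find_aliases` is an audit helper that lists extra names pointing at a protected file.

```python
import os
import tempfile

def path_policy_denies(path, denied_paths):
    """Path-based model: the decision depends only on the name used to reach the file."""
    return os.path.realpath(path) in denied_paths

def inode_policy_denies(path, denied_inodes):
    """Inode-based model: the decision follows the underlying object, whatever its name."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino) in denied_inodes

def find_aliases(root, protected):
    """Audit helper: other paths under root that share an inode with a protected file."""
    targets = {}
    for p in protected:
        st = os.stat(p)
        targets[(st.st_dev, st.st_ino)] = os.path.realpath(p)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.realpath(os.path.join(dirpath, name))
            st = os.lstat(full)
            key = (st.st_dev, st.st_ino)
            if key in targets and full != targets[key]:
                hits.append(full)
    return sorted(hits)

def demo():
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        secret = os.path.join(root, "secret.txt")  # constructed sample file
        alias = os.path.join(root, "alias.txt")    # constructed second name
        with open(secret, "w") as fh:
            fh.write("constructed sample data\n")
        os.link(secret, alias)                     # hard link: same inode, new path
        st = os.stat(secret)
        denied_paths = {secret}                    # rule written against the path
        denied_inodes = {(st.st_dev, st.st_ino)}   # rule attached to the object
        return {
            "path_denies_secret": path_policy_denies(secret, denied_paths),
            "path_denies_alias": path_policy_denies(alias, denied_paths),
            "inode_denies_alias": inode_policy_denies(alias, denied_inodes),
            "aliases": [os.path.basename(p) for p in find_aliases(root, [secret])],
        }

if __name__ == "__main__":
    print(demo())
```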


SELinux and AppArmor also differ in how they are administered and how they integrate into the system.


Isolation of processes can also be accomplished by mechanisms like virtualization; the One Laptop per Child (OLPC) project, for example, sandboxes individual applications in lightweight Vserver.


In 2007, the Simplified Mandatory Access Control Kernel was introduced.


In 2009, a new solution called Tomoyo was included in Linux 2.6.30; like AppArmor, it uses path-based access control.


Availability

AppArmor was first used in Immunix Linux 1998–2003. At the time, AppArmor was known as SubDomain, a reference to the ability for a security profile for a specific program to be segmented into different domains, which the program can switch between dynamically. AppArmor was first made available in SLES and openSUSE, and was first enabled by default in SLES 10 and in openSUSE 10.1.


In May 2005 Novell acquired Immunix, rebranded SubDomain as AppArmor, and began code cleaning and rewriting for inclusion in the Linux kernel. From 2005 to September 2007, AppArmor was maintained by Novell. Novell / SUSE is the legal owner of the trademarked name AppArmor.


AppArmor was first ported/packaged for Ubuntu in April 2007. AppArmor became a default package starting in Ubuntu 7.10, and came as part of the release of Ubuntu 8.04, protecting CUPS by default. As of Ubuntu 9.04, more items such as MySQL have installed profiles. AppArmor hardening continued to improve in Ubuntu 9.10, which ships with profiles for its guest session, libvirt virtual machines, the Evince document viewer, and an optional Firefox profile.


AppArmor was integrated into the October 2010, 2.6.36 kernel release.


AppArmor was integrated into Synology's DSM 5.1 Beta in 2014.







