debops.apparmor

AppArmor is a Linux kernel Security Module (LSM) which provides mandatory access control.

Programs are restricted on the basis of profiles, which are traditionally stored under /etc/apparmor.d/, using filenames which correspond to the path to the binary being protected by the profile (/usr/bin/foobar → /etc/apparmor.d/usr.bin.foobar).

Profiles can be configured in different modes: enforce, disabled, or complain (log, but don't enforce).

This role is primarily geared towards allowing other roles to perform customizations of existing profiles, and allowing administrators to selectively enable/disable profiles.

• Getting started
  • Using debops.apparmor from other roles
  • Containers
  • Example inventory
  • Example playbook
  • Ansible tags
  • Other resources
• Default variables
  • Packages and installation
  • AppArmor profiles
  • AppArmor local profile modifications
  • AppArmor tunables
• Default variable details
  • apparmor__profiles
  • apparmor__locals
  • apparmor__tunables

Copyright

apparmor - Install and configure AppArmor

Copyright (C) 2015-2017 Robin Schneider <ypid@riseup.net>
Copyright (C) 2022 David Härdeman <david@hardeman.nu>
Copyright (C) 2015-2022 DebOps <https://debops.org/>
SPDX-License-Identifier: GPL-3.0-only

This Ansible role is part of DebOps.

DebOps is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.

DebOps is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with DebOps. If not, see https://www.gnu.org/licenses/.