debops.apparmor
AppArmor is a Linux kernel Security Module (LSM) which provides mandatory access control.
Programs are restricted on the basis of profiles, which are traditionally
stored under /etc/apparmor.d/
, using filenames which correspond to
the path to the binary being protected by the profile
(/usr/bin/foobar
→ /etc/apparmor.d/usr.bin.foobar
).
Profiles can be configured in different modes: enforce
, disabled
, or
complain
(log, but don't enforce).
This role is primarily geared towards allowing other roles to perform customizations of existing profiles, and allowing administrators to selectively enable/disable profiles.
Copyright
apparmor - Install and configure AppArmor
Copyright (C) 2015-2017 Robin Schneider <ypid@riseup.net>
Copyright (C) 2022 David Härdeman <david@hardeman.nu>
Copyright (C) 2015-2022 DebOps <https://debops.org/>
SPDX-License-Identifier: GPL-3.0-only
This Ansible role is part of DebOps.
DebOps is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.
DebOps is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DebOps. If not, see https://www.gnu.org/licenses/.