AppArmor

Linux application security framework

AppArmor Ranking & Summary


  • License: LGPL v2
  • Publisher Name: AppArmor Developers
  • Publisher web site: https://launchpad.net/~apparmor-dev



AppArmor Description

AppArmor is software that provides network application security via mandatory access control for programs, protecting against the exploitation of software flaws and compromised systems.

AppArmor is an effective and easy-to-use Linux application security system. It proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.

AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.

What's New in This Release:

Bug Fixes and Enhancements:

AppArmor Profiles:
· (LP: #611248) Fix gnome abstraction for gdk pixbuf loaders
· (LP: #538661) Adjust cgi path for php5 abstraction
· Add 'k' to /var/lib/samba/**.tdb in the samba abstraction
· abstractions/user-tmp: require 'owner' matching
· profiles/apparmor.d/abstractions/base: statvfs allowed by default
· Add dbus-session abstraction (and use Pix rather than Uix)

AppArmor Parser:
· (LP: #599450) Change the table resizing so that there are always sufficient high entries in the table, preventing bounds violations from occurring.
· (LP: #626984) Prevent the parser from crashing when run against the 2.6.36 upstream version of AppArmor, which doesn't present the information the parser expects.
· Move expression tree node labeling into the expr nodes themselves to reduce memory usage and make node labeling per dfa rather than global.
· Clean up the sets firstpos, lastpos, and followpos early to reduce peak memory usage.
· Add the ability for the apparmor_parser to dump flattened profiles. Passing the -p flag to the apparmor_parser causes it to dump a flattened profile that includes all the text for all includes to stdout.
· Fix memory leak during dfa minimization.
· (LP: #588012) Fix leaking file descriptors on included files.
· (LP: #588014) Report correct filename/line number on errors in the parser.
· Detect when abstractions have been modified, and invalidate profile cache file when reloading.
· Fix compilation/build warnings.

AppArmor Library (libapparmor):
· Fix perl swig bindings so that libapparmor can be built when configured without perl.
· Add support for LSM_AUDIT format messages
· Update support for minor message changes that occurred as part of upstreaming effort

AppArmor Desktop Notifier (apparmor_notify):
· Fix memory leak
· (LP: #582075) apparmor_notify group like entries together when using -v with -s
· Setting in notify.conf now defaults to on (apparmor_notify is not usually installed by default)
· Add long options
· Cleanup output
· Better handle auditd
· Handle logfile rotation
· Use seteuid() to drop privileges so we can raise/drop after log file rotation. Add -u USER option for dropping privileges when not using sudo
· Update man page

AppArmor Utils (genprof/logprof):
· (LP: #623467) SubDomain.pm: add support for distinct reported truncate, rename_src, rename_dest, and mkdir operations

AppArmor PAM Library (pam_apparmor):
· (LP: #619521) Teach pam_apparmor about the current errno returned by the kernel when the hat that was passed does not exist in the profile (but other hats exist).

