AppArmor administrative utilities | IBM 10 SP1 EAL4 specification

●Administrative utilities provide a mechanism for administrators to configure, query, and control AppArmor.

For background information on AppArmor which was originally named SubDomain, SubDomain: Parsimonious Server Security by Crispin Cowan, Steve Beattie, Greg KroahHartman, Calton Pu, Perry Wagle, and Virgil Gligor at https://forgesvn1.novell.com/viewsvn/apparmor/trunk/docs/papers/subdomain lisa00.pdf?revision=3 [CRISP] and http://www.novell.com/documentation/apparmor/pdfdoc/apparmor2_admin/apparmor2_admin.pdf and http://forge.novell.com/modules/xfmod/project/?apparmor .

5.8.1AppArmor administrative utilities

The primary configuration file for AppArmor is /etc/apparmor/subdomain.conf . (SubDomain was the original name for AppArmor.) The configuration file defines the directory where AppArmor profiles are located, what action to take if the AppArmor LSM cannot be loaded at system boot time (warn, panic, build, or build-panic), whether the OWLSM extension should be loaded, and whether event logging should occur. For more information about AppArmor configuration, please see the man page on subdomain.conf.

AppArmor profiles define the confinement rules for applications protected by AppArmor. The profiles are kept in /etc/apparmor.d.. Profiles are named by the full path to the executable with / replaced by a period (.). The following contains an example AppArmor policy for klogd which is stored in

/etc/apparmor.d/sbin.klogd:

#include <tunables/global> /sbin/klogd {

#include <abstractions/base> capability sys_admin,

/boot/System.map*	r,
/proc/kmsg	r,
/sbin/klogd	rmix,
/var/log/boot.msg	rwl,
/var/run/klogd.pid	rwl,
}

In this example, klogd, can read the specified files in /boot/System.map* and /proc/kmsg. klogd can write log and run information, such as /var/log/boot.msg and /var/run/klogd.pid. Allowable access is denoted by familiar UNIX permission contructs, with some additions, as follows:

●r read

●w write

●ux unconstrained execute

●Ux unconstrained execute after scrubbing the environment

150

Image 162

IBM 10 SP1 EAL4 manual AppArmor administrative utilities, Var/log/boot.msg Rwl Var/run/klogd.pid

Contents

Page EJR Table of Contents 2.1 DAC AppArmor Programs with software privilege Permission bits Access Control Lists 100 142 175 207 250 252 269 Conventions used in this document Purpose of this documentDocument overview Terminology System Overview EServer systems Product historySuse Linux Enterprise Server High-level product overview EServer host computer structure Overall structure of the TOEPage TOE services EServer system structure Local and network services provided by Sles Security policy Operation and administration TSF interfaces Approach to TSF identification Page Page System System x hardware overview System x hardware architecture System p System p hardware overviewSystem p hardware architecture System z System z hardware overview System z hardware architecture EServer EServer 326 hardware overviewEServer 326 hardware architecture AMD x86-64 architecture in compatibility mode Page Hardware and software privilege Hardware privilegePrivilege level Levels of Privilege Software privilege 2.1 DAC AppArmor TOE Security Functions software structure Programs with software privilege Kernel TSF software Logical components Logical kernel subsystems and their interactions Execution components Base kernelKernel threads Non-kernel TSF software Kernel modules and device driversPage TSF databases Definition of subsystems for the CC evaluation Kernel subsystems HardwareFirmware Trusted process subsystems User-level audit subsystem Page Functional descriptions File and I/O management Virtual File System Ext3 and CD-ROM file systems before mounting Ext3 and CD-ROM file systems after mounting Pathname translation VFS pathname translation and access control checks Open Write MountShared subtrees Disk-based file systems 2.1 Ext3 file systemExtended Attributes Data structures Page Page ISO 9660 file system for CD-ROM Data structures and algorithms Pseudo file systems ProcfsTmpfs Sysfs DevptsRootfs Inotify Discretionary Access Control DACConfigfs Binfmtmisc Permission bits Indicates read Access Control Lists Types of ACL tagsACL qualifier Relationship to file permission bits Default ACLs and ACL inheritanceACL permissions Aclmask ACL enforcement Asynchronous I/O 7 I/O scheduler Deadline I/O scheduler Anticipatory I/O schedulerCompletely Fair Queuing scheduler Top halves 8 I/O interruptsNoop I/O scheduler Bottom halves Tasklets Processor interruptsMachine check Work queue Process control and management Data structuresPage Process creation and destruction Control of child processesDAC controls Setresuidand setresgid Process switchKernel threads Execve Scheduling Hyperthreading scheduler Kernel preemption 14 Hyperthreaded scheduling Inter-process communication Pipes Data structures and algorithms First-In First-Out Named pipes Fifo creation System V IPC Fifo openCommon data structures Common functions Message queues Semaphores Shared memory regions Data structures SignalsSockets Algorithms Network subsystem 16 Object reuse handling in socket allocation Overview of the network protocol stack 18 How data travels through the Network protocol stack Transport layer protocols Network layer protocols Addressing 3.2.2 IPv6 Header Transition between IPv4 and IPv6 Flow LabelsSecurity IP Security IPsec Functional Description of IPsec AH Header An IP Packet with tunnel mode AH An IP Packet with tunnel mode ESP Internet Control Message Protocol Icmp Link layer protocols Network services interface Address Resolution Protocol ARP Socket Bind Listen AcceptConnect Access control Memory managementGeneric calls Page Four-Level Page Tables 24 Previous three-level page-tables architecture Memory addressing System 26 System x virtual addressing space 28 Access control through segmentation Segmentation Paging 30 Regular paging 32 Access control through paging For more information about call gates, refer to 33 Paging data structures System p 34 Logical partitions Privilege State 36 Determination of processor mode in Lpar Real mode addressing Address Translation on LPARsHypervisor Virtual mode addressing Access to I/O address spaceDirect Memory Access addressing Run-Time Abstraction Services Preventing denial of serviceSystem p native mode 39 Effective address 41 Block address Machine State Register Descriptor Segment descriptorBlock descriptor 45 Block Address Translation entry Address translation mechanisms 47 Block Address Translation access control Address Translation and access controlPage 48 Page Address Translation and access control 2.4.3 z/VM Guest mode Native hardware modeLpar mode System z Address sizes Address spacesAddress translations 49 System z address types and their translation 51 Address translation modes 52 64-bit or 31-bit Dynamic Address Translation Memory protection mechanisms 53 Low-address protection on effective address Table protection 113 114 56 Key match logic for key-controlled protection EServer Logical address Effective address Linear addressPhysical address 59 Data access privilege checks Access control through type check Page 121 63 Page map level four entry Kernel memory management Translation Lookaside Buffers Support for Numa servers Reverse map Virtual Memory 65 Rmap VM Huge Translation Lookaside Buffers 66 TLB Operation Remapfilepages Frame management Process address space Memory area managementNoncontiguous memory area management 68 Object reuse handling while allocating new linear address Symmetric multiprocessing and synchronization Atomic operationsMemory barriers Spin locks Audit subsystemAudit components Kernel semaphores Audit kernel components Kernel-userspace interface Syscall auditing Filesystem watchesTask structure 71 Task Structure Audit context fields File system audit components User space audit components Audit operation and configuration options Configuration Option Description Possible values Operation Audit records Audit record generationKernel record generation 73 Audit Record Generation Syscall audit record generation 74 Extension to system calls interface File system audit record generation Socket call and IPC audit record generation Record generation by trusted programsAudit record format Page Event Description LAF audit events Kernel modules Login uid associationAudit tools Auditctl Linux Security Module framework Structure LSM capabilities module LSM AppArmor moduleAppArmor AppArmor administrative utilities Var/log/boot.msg Rwl Var/run/klogd.pid AppArmor access control functions Securityfs Device drivers 1 I/O virtualization on System zInterpretive-execution facility State description Character device driver Hardware virtualization and simulation Block device driver System initialization Init System Boot methods Boot loaderBoot process Linuxrc 79 System x Sles boot sequence System p Page 80 System p Sles boot sequence System p in Lpar Etc/sysconfig/init script 81 System p Lpar Sles boot sequence System z Control program 82describes the boot process for Sles as a z/VM guest 82 System z Sles boot sequence EServer 169 83schematically describes the boot process of eServer 170 Identification and authentication 83 eServer 326 Sles boot sequence Pluggable Authentication Module Overview Configuration terminology Modules Etc/security/pamenv.conf Protected databases 11.2.1.1 DAC Trusted commands and trusted processesAccess control rules Agetty Login Gpasswd Mingetty Newgrp Passwd 11.3.7 su Interaction with audit Network applicationsOpenSSL Secure socket-layer interface 84 SSL location in the network stack Concepts Encryption 87 Encryption Algorithm and Key 88 Asymmetric keys Digital certificates and certificate authority Message Authentication Code MACMessage digest SSL architecture 90 SSL Protocol SSL handshake protocol 187 OpenSSL algorithms Symmetric ciphers Asymmetric ciphers CertificatesHash functions Secure Shell SSH client SSH server daemon Very Secure File Transfer Protocol daemon Cups Cupsd Ping Ping6Openssl Stunnel Xinetd System managementAccount Management Chage Chfn Chsh User management UseraddUsermod Userdel Group management Groupadd Groupmod Groupdel 202 Date System Time managementOther System Management Hwclock Memory separation Supervisor mode instructionsMemory 13.5.1.3 I/O controller and network System p Amtu output Star 207 Batch processing user commands 13.6 I&A supportBatch processing 14.1.2 at Batch processing daemons Cron14.2.2 atd Audit utilities User-level audit subsystemAudit daemon Aureport Audit configuration files Audit logsAutrace Supporting functions TSF libraries LibraryDescription Library linking mechanism System call linking mechanism System call argument verification Pageoffset Audit Discretionary Access Control Object reuseSecurity management Secure communications TSF protection TSF Databases TP.5 Testing the TOE protection mechanisms TP.7Trusted processes TP.4 Internal TOE protection mechanisms TP.6 Summary of kernel subsystem interfaces Kernel subsystem file and I/OExternal Interfaces Internal Interfaces 1.1.3 Internal function Interfaces defined Kernel subsystem process control and management External interfaces system calls Internal Interfaces Kernel subsystem inter-process communication Dopipe Kernel subsystem networking Kernel subsystem memory management Kernel subsystem audit Internal interfaces Kernel subsystem device drivers Other functions Summary of trusted processes interfaces Kernel subsystems kernel modules References RSA 234