What is AppArmor
AppArmor is a Linux kernel security module that lets a system administrator restrict a program's access to resources defined in profiles. A profile allows or denies specific capabilities, such as network access or file read/write/execute permissions. AppArmor can be configured for any application to reduce its potential attack surface and provide defense in depth. It does this with profiles loaded into the kernel when the system starts. It is a Mandatory Access Control (MAC) system that binds access control attributes to programs rather than to users.
There are 2 types of profiles in AppArmor (saved at
Enforcement: enforces the policy defined in the profile and reports policy violation attempts (via syslog or audit).
Complain: reports policy violation attempts only, without blocking them.
AppArmor in Docker
Consider an Ubuntu Linux node with AppArmor configured. In Ubuntu, AppArmor is installed and enabled by default, and the /etc/apparmor.d directory is where the AppArmor profiles are located. To run containers, the sysadmin installs Docker on it, one of the most widely used and mature container runtime engines.
From then on, whenever you run a container on this node, Docker automatically generates and loads a default AppArmor profile named docker-default. You can see this in the docker info command output.
If the above output does not return a line with apparmor, then your system does not have AppArmor enabled in its kernel.
AppArmor is a Linux kernel feature, so if you want Docker to use it at the container level it must be enabled on the host. You can verify…
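The two checks described above (kernel enabled on the host, and apparmor listed in docker info), as an added shell example that is not part of the original post. The docker info output strings are constructed samples, and the live check only runs when the script is invoked with --live on a host that has Docker installed.

```shell
#!/bin/sh
# Added example (not from the original post): check that the host kernel has AppArmor
# enabled and that the Docker daemon reports it among its security options.

# Constructed samples of `docker info --format '{{.SecurityOptions}}'` output on a host
# where AppArmor is active and on one where it is not.
SAMPLE_WITH_APPARMOR='[name=apparmor name=seccomp,profile=builtin]'
SAMPLE_WITHOUT_APPARMOR='[name=seccomp,profile=builtin]'

# Return 0 when the given SecurityOptions string lists the apparmor entry.
docker_has_apparmor() {
  case "$1" in
    *name=apparmor*) return 0 ;;
    *)               return 1 ;;
  esac
}

# Return 0 when the kernel reports AppArmor enabled. The parameter file contains "Y"
# on an enabled host; $1 may override the path so the logic can be tested on a file.
host_apparmor_enabled() {
  f="${1:-/sys/module/apparmor/parameters/enabled}"
  [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]
}

# Live check against this machine; prints what each layer reports.
check_live() {
  if host_apparmor_enabled; then
    echo "host: AppArmor enabled in kernel"
  else
    echo "host: AppArmor not enabled; Docker cannot confine containers with it"
  fi
  if command -v docker >/dev/null 2>&1; then
    opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null)
    if docker_has_apparmor "$opts"; then
      echo "docker: apparmor listed; containers get docker-default unless --security-opt apparmor=<profile> overrides it"
    else
      echo "docker: apparmor not listed in security options"
    fi
  else
    echo "docker: not installed on this host"
  fi
}

[ "${1:-}" = "--live" ] && check_live
```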