author: Michael Palimaka <kensington@gentoo.org> 2013-04-18 05:50:14 +1000
committer: Michael Palimaka <kensington@gentoo.org> 2013-04-18 05:50:14 +1000
commit: fb010c56f2e220404d281dfeef0eb90cff66ad45 (patch)
tree: 92fa4a1cfa7bf6cc492e7697ec33b35acfff0be1 /xml
parent: Add orc use flag to the faq (diff)
AppArmor guide has been moved to the wiki.
Diffstat (limited to 'xml')
-rw-r--r--  xml/apparmor.xml  204
1 files changed, 0 insertions, 204 deletions
diff --git a/xml/apparmor.xml b/xml/apparmor.xml
deleted file mode 100644
index 032f1f3..0000000
--- a/xml/apparmor.xml
+++ /dev/null
@@ -1,204 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header$ -->
-
-<guide disclaimer="draft" link="apparmor.xml" lang="en">
-<title>Gentoo AppArmor Guide</title>
-
-<author title="Author">
- <mail link="kensington@gentoo.org">Michael Palimaka</mail>
-</author>
-
-<abstract>
-This guide provides a brief overview of AppArmor, and gives information
-on how to install and configure it on Gentoo.
-</abstract>
-
-<!-- The content of this document is licensed under the CC-BY-SA license -->
-<!-- See http://creativecommons.org/licenses/by-sa/3.0 -->
-<license version="3.0"/>
-
-<version>1</version>
-<date>2012-07-10</date>
-
-<chapter>
-<title>Introduction</title>
-
-<section>
-<body>
-<p>
-AppArmor is a Linux Security Module implementation, working around the concept of adding rules to file paths.
-</p>
-<p>
-For each file path you specify, AppArmor will permit it only the permissions you grant.
-</p>
-<pre caption="Sample profile">
-# ------------------------------------------------------------------
-# Copyright (C) 2002-2009 Novell/SUSE
-# Copyright (C) 2010 Canonical Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-# ------------------------------------------------------------------
-
-#include &lt;tunables/global&gt;
-
-/sbin/klogd {
- #include &lt;abstractions/base&gt;
-
- capability sys_admin, # for backward compatibility with kernel &lt;= 2.6.37
- capability syslog,
-
- network inet stream,
-
- /boot/System.map* r,
- @{PROC}/kmsg r,
- @{PROC}/kallsyms r,
- /dev/tty rw,
-
- /sbin/klogd rmix,
- /var/log/boot.msg rwl,
- /{,var/}run/klogd.pid krwl,
- /{,var/}run/klogd/klogd.pid krwl,
- /{,var/}run/klogd/kmsg r,
-}
-</pre>
-</body>
-</section>
-
-</chapter>
-
-<chapter>
-<title>Initial setup</title>
-
-<section>
-<title>Kernel patching</title>
-<body>
-<p>
-From Linux 3.4, improved AppArmor support has been merged into the kernel. For the best experience, however,
-it is recommended to patch your kernel with additional support. Without patching, it will only be possible to activate
-profiles - deactivation, listing, init script etc. will not work.
-</p>
-<p>
-The required patches are included in the AppArmor tarball. If you are using a grsec enabled kernel, such as <c>hardened-sources</c>,
-the patches will not cleanly apply. For convenience, a rebased version of the patches is
-<uri link="https://github.com/kensington/apparmor-grsec/tarball/master">available</uri>.
-</p>
-</body>
-</section>
-
-<section>
-<title>Install utilities</title>
-<body>
-<p>
-The AppArmor userspace utilities currently live in the
-<uri link="http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary">Hardened development overlay</uri>.
-You should install layman, and then add the <c>hardened-dev</c> overlay:
-
-<pre caption="Install userspace utilities">
-# <i>layman -a hardened-dev</i>
-# <i>emerge apparmor-utils</i>
-<comment>You will probably also wish to install some profiles to get started:</comment>
-# <i>emerge apparmor-profiles</i>
-</pre>
-
-</p>
-</body>
-</section>
-
-<section>
-<title>Further configuration</title>
-<body>
-<p>
-You may wish to edit the configuation files located in <c>/etc/apparmor</c>, however
-the default values will suit most users.
-</p>
-</body>
-</section>
-
-</chapter>
-
-<chapter>
-<title>Working with profiles</title>
-
-<section>
-<body>
-<p>
-Profiles are stored as simple text files in <c>/etc/apparmor.d</c>. They may take any name, and may be stored
-in subdirectories - you may organise them however it suits you.
-</p>
-
-<pre caption="Sample profile directory listing">
-/etc/apparmor.d $ <i>ls</i>
-abstractions program-chunks usr.lib.apache2.mpm-prefork.apache2 usr.lib.dovecot.managesieve-login usr.sbin.dovecot usr.sbin.nscd
-apache2.d sbin.klogd usr.lib.dovecot.deliver usr.lib.dovecot.pop3 usr.sbin.identd usr.sbin.ntpd
-bin.ping sbin.syslog-ng usr.lib.dovecot.dovecot-auth usr.lib.dovecot.pop3-login usr.sbin.lspci usr.sbin.smbd
-disable sbin.syslogd usr.lib.dovecot.imap usr.sbin.avahi-daemon usr.sbin.mdnsd usr.sbin.smbldap-useradd
-local tunables usr.lib.dovecot.imap-login usr.sbin.dnsmasq usr.sbin.nmbd usr.sbin.traceroute
-</pre>
-
-<p>
-Profiles are referred to by name, including any parent subdirectories if present.
-</p>
-</body>
-</section>
-
-<section>
-<title>Manual control</title>
-<body>
-
-<p>
-To activate a profile, simply set it to enforce mode.
-<pre caption="Manual profile activation">
-# <i>aa-enforce usr.sbin.dnsmasq</i>
-Setting /etc/apparmor.d/usr.sbin.dnsmasq to enforce mode.
-</pre>
-</p>
-
-<p>
-Similarly, to deactive a profile, simply set it to complain mode.
-<pre caption="Manual profile deactivation">
-# <i>aa-complain usr.sbin.dnsmasq</i>
-Setting /etc/apparmor.d/usr.sbin.dnsmasq to complain mode.
-</pre>
-</p>
-
-<p>
-The current status of your profiles may be viewed using <c>aa-status</c>.
-<pre caption="Profile status listing">
-# <i>aa-status</i>
-apparmor module is loaded.
-6 profiles are loaded.
-5 profiles are in enforce mode.
- /bin/ping
- /sbin/klogd
- /sbin/syslog-ng
- /usr/sbin/dnsmasq
- /usr/sbin/identd
-1 profiles are in complain mode.
- /usr/sbin/lspci
-1 processes have profiles defined.
-1 processes are in enforce mode.
- /usr/sbin/dnsmasq (12905)
-0 processes are in complain mode.
-0 processes are unconfined but have a profile defined.
-</pre>
-</p>
-
-</body>
-</section>
-
-<section>
-<title>Automatic control</title>
-<body>
-<p>
-The provided init script will automatically load all profiles located in your profile directory.
-Unless specifically specified otherwise, each profile will be loaded in enforce mode.
-</p>
-</body>
-</section>
-
-</chapter>
-
-</guide>
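Review bot: the commit message says the guide moved to the wiki, but neither the message nor this hunk records where, and with `xml/apparmor.xml` deleted outright every existing link to `apparmor.xml` (the path the guide itself advertised via `<guide disclaimer="draft" link="apparmor.xml" lang="en">`) now dead-ends. Either put the wiki URL in the commit message or leave a one-paragraph stub guide at the old path that points readers to the new location. One content point worth fixing during the migration rather than copying across: the "Manual control" section says "to deactive a profile, simply set it to complain mode" and shows `aa-complain usr.sbin.dnsmasq`, but a profile in complain mode is still loaded and still attached to the process (the `aa-status` listing in the same section counts it under "profiles are in complain mode"); it stops denying and logs what it would have denied, which is relaxed enforcement, not deactivation. The wiki text should describe complain mode that way and keep "deactivate" for actually unloading the profile.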