felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: multiple english corrections.

Browse source 
Co-authored-by: Thomas LAURENT <thomas.laurent@ucdconnect.ie>
This commit is contained in:
Alexandre Pujol 2023-01-31 21:13:35 +00:00
parent 01419d82c4
commit c0780edee1
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
11 changed files with 51 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/concepts.md
View file

@ -12,15 +12,15 @@ possible to write an AppArmor profile for all of them. Therefore, a question ari
**What to confine and why?**
We take inspiration from the [Android/ChromeOS Security Model][android_model] and
we apply it to the Linux world. Modern [Linux security distribution][clipos] usually
consider an immutable core base image with a carefully set of selected applications.
we apply it to the Linux world. Modern [Linux security distributions][clipos] usually
consider an immutable core base image with a carefully selected set of applications.
Everything else should be sandboxed. Therefore, this project tries to confine all
the *core* applications you will usually find in a Linux system: all systemd services,
xwayland, network, bluetooth, your desktop environment... Non-core user applications
are out of scope as they should be sandboxed using a dedicated tool (minijail,
bubblewrap, toolbox...).
This is fundamentally different from how AppArmor is usually used on Linux server
This is fundamentally different from how AppArmor is usually used on Linux servers
as it is common to only confine the applications that face the internet and/or the users.