My application relies heavily on AppArmor for security. I use Ubuntu to host it myself, but I have gotten requests from others that want to host in on a Fedora or RHEL machine.
Now I am aware that Redhat prefers people to use SElinux instead of AppArmor. However, I have looked into it, and I think it is going to be very hard to translate my AppArmor profiles to SElinux policies.
For security reasons, I want to put Tomcat under apparmor. The Ubuntu server(12.04 LTS) guide has a good explanation about apparmor, but I am not sure what is the correct way of creating a profile for Tomcat and how to put it under apparmor.
AppArmor is a Mandatory Access Control or MAC system. It uses Linux Security Module to restrict programs. AppArmor sets up a collection of default application profiles to protect Linux services. You can also protect any other applications running on your system by creating profile files yourself. In Ubuntu, AppArmor is installed and enabled by default.
Here's my problem: Clean OpenSUSE 11.3 64 bit installation using default options into a Virtualbox virtual machine for pre-production testing. I want to check whether AppArmor is enabled, so I enter YaST -> AppArmor Control Panel.