author: Michael Palimaka <kensington@gentoo.org> 2012-07-11 05:44:40 +1000
committer: Michael Palimaka <kensington@gentoo.org> 2012-07-11 05:44:40 +1000
commit: 7cb0a52930fe11c06cd3cbea392d3ce5748916f0 (patch)
tree: 9acb6e1adcab9522c9cf3825c519e7ef07c63f3f
parent: Add initial draft of AppArmor guide. (diff)
download: hardened-docs-7cb0a52930fe11c06cd3cbea392d3ce5748916f0.tar.gz
hardened-docs-7cb0a52930fe11c06cd3cbea392d3ce5748916f0.tar.bz2
hardened-docs-7cb0a52930fe11c06cd3cbea392d3ce5748916f0.zip
Update previews.
-rw-r--r-- html/apparmor.html 222
1 files changed, 222 insertions, 0 deletions
diff --git a/html/apparmor.html b/html/apparmor.html
new file mode 100644
index 0000000..291adb9
--- /dev/null
+++ b/html/apparmor.html
@@ -0,0 +1,222 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
+<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
+<title>Gentoo Linux Documentation
+--
+ Gentoo AppArmor Guide</title>
+</head>
+<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
+<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
+<td width="99%" class="content" valign="top" align="left">
+<table class="ncontent" align="center" width="90%" border="2px" cellspacing="0" cellpadding="4px"><tr><td bgcolor="#ddddff"><p class="note"><b>Disclaimer : </b>
+ This document is a work in progress and should not be considered official yet.
+ </p></td></tr></table>
+<br><h1>Gentoo AppArmor Guide</h1>
+<form name="contents" action="http://www.gentoo.org">
+<b>Content</b>:
+ <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Introduction</option>
+<option value="#doc_chap2">2. Initial setup</option>
+<option value="#doc_chap3">3. Working with profiles</option></select>
+</form>
+<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
+ </span>Introduction</p>
+<p>
+AppArmor is a Linux Security Module implementation, working around the concept of adding rules to file paths.
+</p>
+<p>
+For each file path you specify, AppArmor will permit it only the permissions you grant.
+</p>
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Sample profile</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# ------------------------------------------------------------------
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+# ------------------------------------------------------------------
+
+#include &lt;tunables/global&gt;
+
+/sbin/klogd {
+ #include &lt;abstractions/base&gt;
+
+ capability sys_admin, # for backward compatibility with kernel &lt;= 2.6.37
+ capability syslog,
+
+ network inet stream,
+
+ /boot/System.map* r,
+ @{PROC}/kmsg r,
+ @{PROC}/kallsyms r,
+ /dev/tty rw,
+
+ /sbin/klogd rmix,
+ /var/log/boot.msg rwl,
+ /{,var/}run/klogd.pid krwl,
+ /{,var/}run/klogd/klogd.pid krwl,
+ /{,var/}run/klogd/kmsg r,
+}
+</pre></td></tr>
+</table>
+<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
+ </span>Initial setup</p>
+<p class="secthead"><a name="doc_chap2_sect1">Kernel patching</a></p>
+<p>
+From Linux 3.4, improved AppArmor support has been merged into the kernel. For the best experience, however,
+it is recommended to patch your kernel with additional support. Without patching, it will only be possible to activate
+profiles - deactivation, listing, init script etc. will not work.
+</p>
+<p>
+The required patches are included in the AppArmor tarball. If you are using a grsec enabled kernel, such as <span class="code" dir="ltr">hardened-sources</span>,
+the patches will not cleanly apply. For convenience, a rebased version of the patches is
+<a href="https://github.com/kensington/apparmor-grsec/tarball/master">available</a>.
+</p>
+<p class="secthead"><a name="doc_chap2_sect2">Install utilities</a></p>
+<p>
+The AppArmor userspace utilities currently live in the
+<a href="http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary">Hardened development overlay</a>.
+You should install layman, and then add the <span class="code" dir="ltr">hardened-dev</span> overlay:
+
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Install userspace utilities</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# <span class="code-input">layman -a hardened-dev</span>
+# <span class="code-input">emerge apparmor-utils</span>
+<span class="code-comment">You will probably also wish to install some profiles to get started:</span>
+# <span class="code-input">emerge apparmor-profiles</span>
+</pre></td></tr>
+</table>
+
+</p>
+<p class="secthead"><a name="doc_chap2_sect3">Further configuration</a></p>
+<p>
+You may wish to edit the configuation files located in <span class="code" dir="ltr">/etc/apparmor</span>, however
+the default values will suit most users.
+</p>
+<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
+ </span>Working with profiles</p>
+<p>
+Profiles are stored as simple text files in <span class="code" dir="ltr">/etc/apparmor.d</span>. They may take any name, and may be stored
+in subdirectories - you may organise them however it suits you.
+</p>
+<a name="doc_chap3_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing3.1: Sample profile directory listing</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+/etc/apparmor.d $ <span class="code-input">ls</span>
+abstractions program-chunks usr.lib.apache2.mpm-prefork.apache2 usr.lib.dovecot.managesieve-login usr.sbin.dovecot usr.sbin.nscd
+apache2.d sbin.klogd usr.lib.dovecot.deliver usr.lib.dovecot.pop3 usr.sbin.identd usr.sbin.ntpd
+bin.ping sbin.syslog-ng usr.lib.dovecot.dovecot-auth usr.lib.dovecot.pop3-login usr.sbin.lspci usr.sbin.smbd
+disable sbin.syslogd usr.lib.dovecot.imap usr.sbin.avahi-daemon usr.sbin.mdnsd usr.sbin.smbldap-useradd
+local tunables usr.lib.dovecot.imap-login usr.sbin.dnsmasq usr.sbin.nmbd usr.sbin.traceroute
+</pre></td></tr>
+</table>
+<p>
+Profiles are referred to by name, including any parent subdirectories if present.
+</p>
+<p class="secthead"><a name="doc_chap3_sect2">Manual control</a></p>
+<p>
+To activate a profile, simply set it to enforce mode.
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Manual profile activation</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# <span class="code-input">aa-enforce usr.sbin.dnsmasq</span>
+Setting /etc/apparmor.d/usr.sbin.dnsmasq to enforce mode.
+</pre></td></tr>
+</table>
+</p>
+<p>
+Similarly, to deactive a profile, simply set it to complain mode.
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Manual profile deactivation</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# <span class="code-input">aa-complain usr.sbin.dnsmasq</span>
+Setting /etc/apparmor.d/usr.sbin.dnsmasq to complain mode.
+</pre></td></tr>
+</table>
+</p>
+<p>
+The current status of your profiles may be viewed using <span class="code" dir="ltr">aa-status</span>.
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Profile status listing</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# <span class="code-input">aa-status</span>
+apparmor module is loaded.
+6 profiles are loaded.
+5 profiles are in enforce mode.
+ /bin/ping
+ /sbin/klogd
+ /sbin/syslog-ng
+ /usr/sbin/dnsmasq
+ /usr/sbin/identd
+1 profiles are in complain mode.
+ /usr/sbin/lspci
+1 processes have profiles defined.
+1 processes are in enforce mode.
+ /usr/sbin/dnsmasq (12905)
+0 processes are in complain mode.
+0 processes are unconfined but have a profile defined.
+</pre></td></tr>
+</table>
+</p>
+<p class="secthead"><a name="doc_chap3_sect3">Automatic control</a></p>
+<p>
+The provided init script will automatically load all profiles located in your profile directory.
+Unless specifically specified otherwise, each profile will be loaded in enforce mode.
+</p>
+<br><p class="copyright">
+ The contents of this document, unless otherwise expressly stated, are
+ licensed under the <a href="http://creativecommons.org/licenses/by-sa/3.0">CC-BY-SA-3.0</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
+ </p>
+<!--
+ <rdf:RDF xmlns="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+
+ <License rdf:about="http://creativecommons.org/licenses/by-sa/3.0/">
+
+ <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
+ <permits rdf:resource="http://web.resource.org/cc/Distribution" />
+ <requires rdf:resource="http://web.resource.org/cc/Notice" />
+ <requires rdf:resource="http://web.resource.org/cc/Attribution" />
+ <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+ <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
+ </License>
+ </rdf:RDF>
+--><br>
+</td>
+<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="apparmor.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Page updated July 10, 2012</p></td></tr>
+<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
+This guide provides a brief overview of AppArmor, and gives information
+on how to install and configure it on Gentoo.
+</p></td></tr>
+<tr><td align="left" class="topsep"><p class="alttext">
+ <a href="mailto:kensington@gentoo.org" class="altlink"><b>Michael Palimaka</b></a>
+<br><i>Author</i><br></p></td></tr>
+<tr lang="en"><td align="center" class="topsep">
+<p class="alttext"><b>Donate</b> to support our development efforts.
+ </p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo">
+</form>
+</td></tr>
+<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr>
+</table></td>
+</tr></table></td></tr>
+<tr><td colspan="2" align="right" class="infohead">
+Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
+</td></tr>
+</table></body>
+</html>
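Review bot: every code listing after the first one in this hunk reuses the anchor `<a name="doc_chap1_pre1">` and the title "Code Listing1.1" (the "Install userspace utilities", "Manual profile activation", "Manual profile deactivation" and "Profile status listing" tables), so in-page links to any of them resolve to the klogd sample profile and the listing numbers never advance past 1.1. Each of those tables is also emitted inside a still-open `<p>` (the `<p>` opened before "You should install layman, and then add the" is only closed after the table), which HTML 4.01 does not allow and which is the likely reason the generator restarted numbering; in the source XML, move each `<pre>` out of its enclosing `<p>` and regenerate so the listings get unique anchors and chapter-relative numbers (2.1, 3.2 and so on). Two typos while here: "configuation" should read "configuration" and "deactive" should read "deactivate". Finally, presenting `aa-complain` as "deactivation" is misleading: the `aa-status` output in the same hunk still counts the complain-mode `/usr/sbin/lspci` profile among the six loaded profiles, so complain mode keeps the profile loaded and merely stops enforcement; consider wording it as switching to complain (non-enforcing) mode and keep "deactivation" for actually unloading a profile, which matches the distinction the kernel-patching section already draws between activating and deactivating.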