roddhjav/play

play.pujol.io

AppArmor play machine

Free root access on an AppArmor machine!

A Play Machine is a system where root is the guest account and only AppArmor restricts access.

To access the Ubuntu-based play machine, ssh to play.pujol.io as root; the password is apparmor.

The aim of this is to:

  • Demonstrate that AppArmor can provide the necessary security without any Unix permissions (it is still recommended that you use Unix permissions as well on real servers).
  • Show that root is not everything in modern security.
  • Give a demo machine with apparmor.d fully integrated.

Requirements

System requirements

  • A fresh VM with Ubuntu 24.04

Local dependencies

  • Just
  • Ansible
  • Go >= 1.23
  • Docker (to build the apparmor.d package)
  • The apparmor.d project must be available under the ../apparmor.d path.
  • Hugo (to build the website)

Deploy

To build the profiles and install the play machine, run the following command:

just ansible staging play

If you only want to provision the apparmor-profiles, you can run:

just ansible production play -t role::apparmor-profiles

Note

The first provisioning run is a bit tricky: you may have to force a reboot of the VM manually.

Then, you can deploy the static website with:

just deploy