Difficulty: Beginner
Estimated Time: 10 minutes

In this scenario, you will learn how to install and apply AppArmor profiles.

In the second step of the scenario, you will learn how to create and customise your own AppArmor profile by using Bane, a tool created by Jess Frazelle.


Bane - AppArmor Profile Generator

Step 1 of 2

AppArmor

Download AppArmor Nginx Profile

curl -LO https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/master/tutorial/2_Security/4_apparmor/docker-nginx

cat docker-nginx

This is a profile designed for the nginx container.

Parse

Use the parser to install the profile on the machine:

sudo apparmor_parser -r -W docker-nginx

Run With Profile

Once installed, it can be assigned to a container.

docker run --security-opt "apparmor=docker-nginx" -d --name apparmor-nginx nginx

Execute Into Container

docker exec -it apparmor-nginx bash

Try the following commands:

touch ~/thing
touch /bin/ps
sh

These will fail because the profile blocks them.
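
Before relying on those failures, it is worth confirming that the profile was really loaded and that the container is running under it in enforce mode. The script below is an added example, not part of the original scenario; the function names and the sample profile list are constructed for illustration, and check_live assumes the profile and container names used above.

```shell
#!/bin/sh
# Added example: verify that docker-nginx is loaded and that the
# apparmor-nginx container is actually confined by it.

# profile_mode NAME [LIST]: print the mode of a loaded profile from the
# kernel's profile list ("name (mode)" per line); fail if it is not loaded.
# LIST defaults to the kernel file; "-" reads the list from stdin.
profile_mode() {
    awk -v want="$1" '
        { mode = $NF; name = $0; sub(/ \([a-z]+\)$/, "", name) }
        name == want { gsub(/[()]/, "", mode); print mode; found = 1 }
        END { exit !found }
    ' "${2:-/sys/kernel/security/apparmor/profiles}"
}

# is_enforced LABEL NAME: succeed only if LABEL (the content of
# /proc/<pid>/attr/current) shows NAME in enforce mode. "unconfined" or
# "NAME (complain)" both mean the rules are not being enforced.
is_enforced() {
    [ "$1" = "$2 (enforce)" ]
}

# sample_profiles: constructed sample of the kernel profile list.
sample_profiles() {
    printf '%s\n' 'docker-default (enforce)' 'docker-nginx (enforce)' \
                  '/usr/sbin/tcpdump (complain)'
}

# check_live: run on the scenario host (needs sudo and a running container).
check_live() {
    mode=$(sudo cat /sys/kernel/security/apparmor/profiles |
           profile_mode docker-nginx -) ||
        { echo "docker-nginx is not loaded" >&2; return 1; }
    echo "host: docker-nginx loaded in $mode mode"
    echo "docker: $(docker inspect --format '{{.AppArmorProfile}}' apparmor-nginx)"
    pid=$(docker inspect --format '{{.State.Pid}}' apparmor-nginx)
    label=$(sudo cat "/proc/$pid/attr/current")
    if is_enforced "$label" docker-nginx; then
        echo "container PID $pid: $label"
    else
        echo "container PID $pid is NOT enforced by docker-nginx: $label" >&2
        return 1
    fi
}

# Offline demonstration on the constructed sample.
sample_profiles | profile_mode docker-nginx -
```

On the scenario host, source the script and call check_live after starting the container; a label of unconfined or a complain-mode profile means the touch and sh commands above would succeed.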