{"id":3768,"date":"2025-06-08T09:51:40","date_gmt":"2025-06-08T06:21:40","guid":{"rendered":"https:\/\/parsdev.com/blog\/?p=3768"},"modified":"2025-07-28T08:51:51","modified_gmt":"2025-07-28T05:21:51","slug":"what-is-linux-apparmor","status":"publish","type":"post","link":"https:\/\/parsdev.com/blog\/what-is-linux-apparmor\/","title":{"rendered":"An Introduction to AppArmor on Linux"},"content":{"rendered":"<p>AppArmor is a security system for Linux based on Mandatory Access Control (MAC), designed to restrict programs' access to system resources. 
Using security profiles, AppArmor specifies which files, directories and capabilities each program may open or execute.<!--more--><\/p>\n<p>In this article we look at AppArmor, a key Linux security concept. AppArmor is widely used in containers and Kubernetes. It is also an important topic for the CKS certification. 
We will break it down with a practical example to help you understand how it works.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"apparmor_%da%86%db%8c%d8%b3%d8%aa%d8%9f\"><\/span>What Is AppArmor?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>AppArmor (Application Armor) is a security feature built into some Linux systems that controls what programs can and cannot do.<br \/>\nIf a program has a security flaw or is compromised by malware, AppArmor limits the damage it can cause.<br \/>\nFor example, even if a hacker exploits a vulnerability in a web server, AppArmor can prevent it from accessing sensitive system files or running harmful commands.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"%d9%85%d8%ab%d8%a7%d9%84_%d9%85%d9%88%d8%b1%d8%af_%d8%a7%d8%b3%d8%aa%d9%81%d8%a7%d8%af%d9%87\"><\/span>Example Use Case<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Suppose you are running an Apache web server.<br \/>\nWithout AppArmor, if Apache is compromised, it can read any file on the system or run arbitrary scripts, which is a serious security risk.<\/p>\n<p>With an AppArmor profile, you can restrict Apache's access by:<\/p>\n<ul>\n<li>Allowing it to read only the files in \/var\/www\/html (where the website files are stored).<\/li>\n<li>Allowing it to write logs only to \/var\/log\/apache2.<\/li>\n<li>Restricting it to listening only on port 80.<\/li>\n<\/ul>\n<p>At the same time, it cannot access user files in \/home\/ or run unauthorized commands.<\/p>\n<p>You might ask: can't I do this with file permissions? This is where the difference lies.<\/p>\n<p>File permissions control access based on user and group IDs. 
If a user is compromised, the attacker can potentially access every file that belongs to that user.<br \/>\nAppArmor, by contrast, controls access based on what the program itself is allowed to do, regardless of which user runs it.<br \/>\nSo even if Apache is compromised, it still cannot access anything outside the permitted paths.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"%da%a9%d9%86%d8%aa%d8%b1%d9%84_%d8%af%d8%b3%d8%aa%d8%b1%d8%b3%db%8c_%d8%a7%d8%ac%d8%a8%d8%a7%d8%b1%db%8c_mandatory_access_control\"><\/span>Mandatory Access Control<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>AppArmor falls under Mandatory Access Control (MAC).<br \/>\nMandatory Access Control is a security model in which access to resources (files, directories, network ports and so on) is strictly controlled by a central policy.<\/p>\n<p>Unlike Discretionary Access Control (DAC), where the owner of a resource (for example a file) can set its permissions (read, write, execute), MAC policies are enforced system-wide and cannot be overridden by users or programs, even if they hold elevated privileges such as root.<br \/>\nFor example, even if a program runs with root privileges, AppArmor can block it from modifying \/etc\/passwd. If an attacker compromises the program, it is still confined by AppArmor.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"apparmor_%da%86%da%af%d9%88%d9%86%d9%87_%da%a9%d8%a7%d8%b1_%d9%85%db%8c%e2%80%8c%da%a9%d9%86%d8%af%d8%9f\"><\/span>How Does AppArmor Work?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>AppArmor works on the basis of profiles, similar to seccomp.<br \/>\nEach profile is a plain text file that defines what a program is allowed to do.<br \/>\nOn Linux systems, you can find the existing AppArmor profiles in \/etc\/apparmor.d\/.<\/p>\n<p>For example:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ ls -p \/etc\/apparmor.d\/ | grep -v \/\r\n\r\nlsb_release\r\nnvidia_modprobe\r\nsbin.dhclient\r\nusr.bin.man\r\nusr.bin.tcpdump\r\nusr.lib.snapd.snap-confine.real\r\nusr.sbin.rsyslogd\r\n<\/pre>\n<h4><span class=\"ez-toc-section\" id=\"%d9%85%d8%ab%d8%a7%d9%84_%d8%b9%d9%85%d9%84%db%8c_apparmor\"><\/span>A Practical AppArmor Example<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Let's understand an AppArmor profile through a practical example.<\/p>\n<p>We will create a simple Bash script that tries to read \/etc\/shadow (the file that contains hashed passwords and must be protected).<\/p>\n<p>The idea is to block the script from reading \/etc\/shadow, even when it runs as the root user.<\/p>\n<p>Let's create the script.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ echo -e &#039;#!\/bin\/bash\\ncat \/etc\/shadow&#039; &gt; script.sh\r\n\r\n$ chmod +x script.sh\r\n<\/pre>\n<p>If you run the script as root, you will not get any error. 
It displays the contents of \/etc\/shadow.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ root@ubuntu:~# .\/script.sh\r\n\r\nroot:*:19579:0:99999:7:::\r\ndaemon:*:19579:0:99999:7:::\r\n.\r\n.\r\n.\r\n<\/pre>\n<p>Now let's create an AppArmor profile that prevents the script from reading \/etc\/shadow.<\/p>\n<p>We will define this profile in \/etc\/apparmor.d\/root.script.sh.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n#include &lt;tunables\/global&gt;\r\n\r\nprofile \/root\/script.sh {\r\n  # Allow reading its own file\r\n  \/root\/script.sh r,\r\n\r\n  # Deny access to \/etc\/shadow\r\n  deny \/etc\/shadow r,\r\n\r\n  # Allow execution of Bash\r\n  \/bin\/bash rmix,\r\n\r\n  # Allow execution of &#039;cat&#039; or any other needed commands\r\n  \/usr\/bin\/cat rmix,\r\n}\r\n<\/pre>\n<p>Let's load the profile.<\/p>\n<p style=\"text-align: left\">\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nsudo apparmor_parser -r \/etc\/apparmor.d\/root.script.sh\r\n<\/pre>\n<p>Check the status.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ root@ubuntu:~# sudo apparmor_status | grep script.sh\r\n\/root\/script.sh\r\n<\/pre>\n<p dir=\"ltr\" style=\"text-align: left\">\n<p>It should now show the correct path (\/root\/script.sh).<\/p>\n<p>Now let's run the script and see what happens. When it tries to access \/etc\/shadow, even as root, you should get a permission denied error.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ root@ubuntu:~# .\/script.sh\r\n.\/script.sh: line 2: \/usr\/bin\/cat: Permission denied\r\n<\/pre>\n<p>As you can see, AppArmor confines programs according to their profiles, even if you run them as root.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"%da%86%d8%b1%d8%a7_apparmor_root_%d8%b1%d8%a7_%d9%85%d8%ad%d8%af%d9%88%d8%af_%d9%85%db%8c%e2%80%8c%da%a9%d9%86%d8%af%d8%9f\"><\/span>Why Does AppArmor Restrict Root?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Root has full access to the system, but AppArmor controls what a program (even one run by root) can do.<\/p>\n<p>This prevents privilege escalation attacks (for example, a compromised root script cannot access sensitive files such as \/etc\/shadow). 
It enforces least privilege and allows only the permissions that are needed.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"apparmor_%d8%af%d8%b1_%da%a9%d8%a7%d9%86%d8%aa%db%8c%d9%86%d8%b1%d9%87%d8%a7\"><\/span>AppArmor in Containers<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>AppArmor is integrated into container runtimes to enforce Mandatory Access Control (MAC) on container processes.<br \/>\nThe runtime loads these profiles when a container starts and ensures that each container runs in a sandbox.<\/p>\n<p>For example, Docker ships with a default profile named docker-default. This profile is applied to every container unless it is overridden. You can review the profile here.<\/p>\n<p>It is designed so that it:<\/p>\n<ul>\n<li>Allows basic operations (for example reading\/writing in the container's file system).<\/li>\n<li>Blocks dangerous actions (for example mounting \/proc or accessing \/etc\/passwd on the host).<\/li>\n<\/ul>\n<p>This section has a simple example showing that Docker's default AppArmor profile blocks reading \/proc\/sysrq-trigger with cat.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"%d9%86%d8%aa%db%8c%d8%ac%d9%87%e2%80%8c%da%af%db%8c%d8%b1%db%8c\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>AppArmor improves Linux security by restricting program actions, preventing exploits and ensuring least privilege. Knowing this topic is essential for system administrators and anyone interested in CKS!<\/p>\n","protected":false},"excerpt":{"rendered":"AppArmor is a security system for Linux based on Mandatory Access Control (MAC) that&hellip;","protected":false},"author":1,"featured_media":3882,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"csco_singular_sidebar":"","csco_page_header_type":"","csco_page_load_nextpost":"","footnotes":""},"categories":[8,3],"tags":[],"class_list":{"0":"post-3768","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-server","8":"category-linux","9":"cs-entry"},"_links":{"self":[{"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/posts\/3768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/comments?post=3768"}],"version-history":[{"count":16,"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/posts\/3768\/revisions"}],"predecessor-version":[{"id":4799,"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/posts\/3768\/revisions\/4799"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/media\/3882"}],"wp:attachment":[{"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/media?parent=3768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/categories?post=3768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/parsdev.com/blog\/wp-json\/wp\/v2\/tags?post=3768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}