|Please ask about problems and questions regarding this tutorial on answers.ros.org. Don't forget to include in your question the link to this page, the versions of your OS & ROS, and also add appropriate tags.|
Installing AppArmor Profiles for ROSDescription: This tutorial explains how to install AppArmor Profiles to be used for securing ROS.
Keywords: SROS, AppArmor, Linux Security Module
Tutorial Level: INTERMEDIATE
Next Tutorial: SROS/Tutorials/CustomizingAppArmorProfilesForROS
This tutorial will show you how to install the AppArmor profile library for ROS. This profile library includes the basic building blocks to quickly create and customize policy profiles for your own ROS application and for future tutorials.
sudo apt-get install apparmor apparmor-utils
Next you'll want to download the current AppArmor profile library for ROS, this resides within the ros-infrastructure/apparmor_profiles repository. This repository not only contains the library itself, but also some helpful examples to build from.
git clone https://github.com/ros-infrastructure/apparmor_profiles
To install this profile library into your own system, you'll need find your systems configuration directory for AppArmor profiles, this is quite commonly /etc/apparmor.d for most debian based systems. Next you'll need to copy over the ROS profiles folder under profiles in the repo to /etc/apparmor.d so that AppArmor may find the ros profile library and added tunables. Note that you may require sudo privileges to alter the configuration directory.
sudo cp --recursive ros-infrastructure/apparmor_profiles/profiles /etc/apparmor.d
With AppArmor, anytime you add or change a module or profile, you'll need to reload them so that the invoke policies running alongside the kernel are recompiled and updated. This can be done by restarting the AppArmor service, like so:
sudo service apparmor restart
Now that you have the library installed, but before you try and use it, take a moment to look over the library's structure. File specific documentation is referenced within the files themselves and the repositories accompanying READMEs.