Confining Users with pam_apparmor

The pam_apparmor PAM module allows applications to confine authenticated users into subprofiles based on group names, user names, or a default profile. To accomplish this, pam_apparmor needs to be registered as a PAM session module.
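
A sketch of the two pieces this involves, added here as an illustration and not taken from the module's README: the PAM session entry and a profile whose hats serve as the per-user, per-group and default subprofiles. The service (sshd), the user "alice", the group "staff" and all file rules are constructed; the order= and debug options and the DEFAULT hat name are given as assumptions to verify against the README cited below.

```conf
# --- /etc/pam.d/sshd (service chosen for illustration) ---
# pam_apparmor goes in the *session* stack, not auth or account.
# order= lists the hat names to try in sequence: user name, then primary
# group name, then the hat called DEFAULT. debug logs each attempt to syslog.
# Standard PAM control semantics apply: with "optional" a failure of this
# module does not fail the session; "required" would make it fatal.
session  optional  pam_apparmor.so  order=user,group,default debug

# --- AppArmor profile of the PAM-enabled application (fragment) ---
/usr/sbin/sshd {
  #include <abstractions/base>
  #include <abstractions/authentication>
  #include <abstractions/nameservice>

  # change_hat is requested by writing to this file
  /proc/*/attr/current w,

  # (rules the daemon itself needs are omitted from this fragment)

  # Hat tried first: named after the authenticated user (constructed name)
  ^alice {
    #include <abstractions/base>
    #include <abstractions/consoles>
    /bin/bash rix,
    /home/alice/** rw,
  }

  # Hat tried second: named after the user's primary group (constructed name)
  ^staff {
    #include <abstractions/base>
    #include <abstractions/consoles>
    /bin/bash rix,
    /srv/shared/** r,
  }

  # Fallback hat for everyone else: keep it the most restrictive of the three
  ^DEFAULT {
    #include <abstractions/base>
    #include <abstractions/consoles>
    /bin/bash rix,
  }
}
```

After reloading the profile and opening a session, the audit or syslog output enabled by debug shows which hat was selected for the user.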

Details about how to set up and configure pam_apparmor can be found in /usr/share/doc/packages/pam_apparmor/README. A HOWTO on setting up role-based access control (RBAC) with pam_apparmor is available at http://developer.novell.com/wiki/index.php/Apparmor_RBAC_in_version_2.3.