Merge pull request #410 from percona/ps-9512

PS-9512 Add information to AppArmor in 8.4
percona · Oct 31, 2024 · 6b50ea6 · 6b50ea6
2 parents ac72384 + 1277ba6
commit 6b50ea6
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/docs/disable-apparmor.md b/docs/disable-apparmor.md
@@ -4,16 +4,16 @@
 
 Using AppArmor might seem like an extra step, but if you disable it, your server could face security risks.
 
-Do not disable AppArmor in production environments. Instead, use AppArmor's security features and configure it to fit your needs.
-
-## Risks
+Do not disable AppArmor in production environments. This action can have the following risks:
 
 | Risk | Description |
 |---|---|
 | Increased Attack Surface | Disabling AppArmor removes security restrictions, potentially allowing unauthorized access to Percona Server for MySQL's files and functionalities. This creates an attractive target for attackers seeking to exploit vulnerabilities or gain control of your database. |
 | Unforeseen Security Holes | AppArmor can help mitigate even unknown vulnerabilities by restricting unexpected behaviors. Disabling it leaves your system more susceptible to these hidden security holes. |
 | Accidental Misconfigurations | Even with good intentions, manual configuration of access controls can be error-prone. AppArmor provides a pre-defined security layer, reducing the risk of human error in managing permissions. |
 
+Instead, use AppArmor's security features and configure it to fit your needs.
+
 ## Disable procedure
 
 If AppArmor must be disabled, run the following commands: