AppArmor.d

AppArmor.d

Initializing search

roddhjav/apparmor.d

Home
Development

AppArmor.d

roddhjav/apparmor.d

Home
Home
- Getting Started
  Getting Started
- Advanced
  Advanced
- Troubleshooting
  Troubleshooting
Development
Development
- Architecture
  Architecture
- Profile
  Profile
- Tests
  Tests
  - Tests suite
  - Integration Tests

AppArmor.d

Full set of AppArmor profiles

Help Wanted

This project is still in its early development. Help is very welcome; see Development

AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes.

Purpose

Confine all root processes such as all systemd tools, bluetooth, dbus, polkit, NetworkManager, OpenVPN, GDM, rtkit, colord
Confine all Desktop environments
Confine all user services such as Pipewire, Gvfsd, dbus, xdg, xwayland
Confine some "special" user applications: web browser, file browser...
Should not break a normal usage of the confined software

See the Concepts' page for more detail on the architecture.

Goals

Target both desktops and servers
Support all distributions that support AppArmor:
Support all major desktop environments:
- Gnome
- KDE (work in progress)
Fully tested (Work in progress)

Presentations

Building large set of AppArmor profiles:

Linux Security Summit North America (LSS-NA 2023) (Slide, Video)
Ubuntu Summit 2023 (Slide, Video)

Chat

A development chat is available on https://matrix.to/#/#apparmor.d:matrix.org

February 23, 2024 January 29, 2023

Copyright © 2021-2024 Alexandre Pujol

Made with Material for MkDocs