AppArmor.d
Full set of AppArmor profiles
Help Wanted
This project is still in its early development. Help is very welcome; see Development
AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes.
Purpose¶
- Confine all root processes such as all
systemd
tools,bluetooth
,dbus
,polkit
,NetworkManager
,OpenVPN
,GDM
,rtkit
,colord
- Confine all Desktop environments
- Confine all user services such as
Pipewire
,Gvfsd
,dbus
,xdg
,xwayland
- Confine some "special" user applications: web browsers, file managers, etc
- Should not break a normal usage of the confined software
See the Concepts' page for more detail on the architecture.
Goals¶
- Target both desktops and servers
- Support for all distributions that support AppArmor:
- Support for all major desktop environments:
- Gnome (GDM)
- KDE (SDDM)
- XFCE (Lightdm) (work in progress)
- Fully tested (work in progress)
Presentations¶
Building the largest set of AppArmor profiles:
Chat¶
A development chat is available on https://matrix.to/#/#apparmor.d:matrix.org