Skip to content

AppArmor.d

AppArmor.d

Initializing search

roddhjav/apparmor.d

Home
Development

AppArmor.d

roddhjav/apparmor.d

Home
Home
- Getting Started
  Getting Started
- Advanced
  Advanced
- Troubleshooting
  Troubleshooting
  - Known issues
  - System Recovery
Development
Development
- Profiles
  Profiles
  - Workflow
  - Guidelines
  - Abstractions
  - Internal
  - Directives
  - Dbus
  - Recommendations
- Tests
  Tests
  - Tests suite
  - Integration Tests

Table of contents

Purpose
Goals
Presentations
Chat

AppArmor.d

Full set of AppArmor profiles

Help Wanted

This project is still in its early development. Help is very welcome; see Development

AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes.

Purpose¶

Confine all root processes such as all systemd tools, bluetooth, dbus, polkit, NetworkManager, OpenVPN, GDM, rtkit, colord
Confine all Desktop environments
Confine all user services such as Pipewire, Gvfsd, dbus, xdg, xwayland
Confine some "special" user applications: web browsers, file managers, etc
Should not break a normal usage of the confined software

See the Concepts' page for more detail on the architecture.

Goals¶

Target both desktops and servers
Support for all distributions that support AppArmor:
Support for all major desktop environments:
- Gnome (GDM)
- KDE (SDDM)
- XFCE (Lightdm) (work in progress)
Fully tested (work in progress)

Presentations¶

Building the largest set of AppArmor profiles:

Linux Security Summit North America (LSS-NA 2023) (Slide, Video)
Ubuntu Summit 2023 (Slide, Video)

Chat¶

A development chat is available on https://matrix.to/#/#apparmor.d:matrix.org

October 1, 2024 January 29, 2023 GitHub

Copyright © 2021-2024 Alexandre Pujol

Made with Material for MkDocs