AppArmor.d
Full set of AppArmor profiles
Help Wanted
This project is still in early development. Help is very welcome; see Development.
AppArmor.d is a set of over 1400 AppArmor profiles whose aim is to confine most Linux-based applications and processes.
Purpose
- Confine all root processes such as all systemd tools, bluetooth, dbus, polkit, NetworkManager, OpenVPN, GDM, rtkit, colord
- Confine all Desktop environments
- Confine all user services such as Pipewire, Gvfsd, dbus, xdg, xwayland
- Confine some "special" user applications: web browser, file browser...
- Should not break normal usage of the confined software
See the Concepts page for more detail on the architecture.
Goals
- Target both desktops and servers
- Support all distributions that support AppArmor:
- Support all major desktop environments:
  - Currently only GNOME
- Fully tested (Work in progress)
Presentation
- Building the largest working set of AppArmor profiles, Linux Security Summit North America (LSS-NA 2023) (Slide)
Last update: June 18, 2023
Created: January 29, 2023