AppArmor.d

Full set of AppArmor profiles

Help Wanted

This project is still in its early development. Help is very welcome; see Development

AppArmor.d is a set of over 1400 AppArmor profiles whose aim is to confine most Linux based applications and processes.

Purpose

• Confine all root processes such as all systemd tools, bluetooth, dbus, polkit, NetworkManager, OpenVPN, GDM, rtkit, colord
• Confine all Desktop environments
• Confine all user services such as Pipewire, Gvfsd, dbus, xdg, xwayland
• Confine some "special" user applications: web browser, file browser...
• Should not break a normal usage of the confined software

See the Concepts page for more detail on the architecture.

Goals

• Target both desktops and servers
• Support all distributions that support AppArmor:
  • Archlinux
  • Ubuntu 22.04
  • Debian 12
  • OpenSUSE Tumbleweed
• Support all major desktop environments:
  • Currently only Gnome
• Fully tested (Work in progress)

Presentation

• Building the largest working set of AppArmor profiles Linux Security Summit North America (LSS-NA 2023) (Slide)

---

Last update: June 18, 2023
Created: January 29, 2023