Enforce Mode

The default package configuration installs all profiles in complain mode. This is a safety measure to ensure you are not going to break your system on initial installation. Once you have tested it, and it works fine, you can easily switch to enforce mode. The profiles that are not considered stable are kept in complain mode, they can be tracked in the dists/flags directory.

Danger

You must test in complain mode first and ensure your system works as expected.
You must regularly check AppArmor log with aa-log and report issues first.
When reporting an issue, you must ensure the affected profiles are in complain mode.

Prerequisite

As the enforced version of the package conficts with the default apparmor.d package, you need to uninstall it first:

Archlinux Ubuntu Debian openSUSE

sudo pacman -R apparmor.d

sudo apt purge apparmor.d

sudo apt purge apparmor.d

sudo zypper remove apparmor.d

Installation

Archlinux Ubuntu Debian openSUSE Partial Install

apparmor.d.enforced is available in the Arch User Repository:

yay -S apparmor.d.enforced  # or your preferred AUR install method

Using the pkg.pujol.io debian repository, install the package:

sudo apt install apparmor.d.enforced

Using the pkg.pujol.io debian repository, install the package:

sudo apt install apparmor.d.enforced

openSUSE users need to add cboltz repo on OBS:

zypper install apparmor.d.enforced

Use the just enforce command to build instead of just complain