apparmor.d/docs/install.md

---
title: Installation
---

!!! danger

    In order to not break your system, the default package configuration installs
    all profiles in complain mode. They can be enforced later.
    See the [Enforce Mode](/enforce) page.

## Requirements

**AppArmor**

An `apparmor` based Linux distribution is required. The basic profiles and
abstractions shipped with AppArmor must be installed.

**Desktop environment**

The following desktop environments are supported:

  - [x] :material-gnome: Gnome

Also, please note wayland has better support than xorg.

**Build dependencies**

* Go >= 1.18
* Rsync

## :material-arch: Archlinux

`apparmor.d-git` is available in the [Arch User Repository][aur]:
```sh
git clone https://aur.archlinux.org/apparmor.d-git.git
cd apparmor.d-git
makepkg -si
```

!!! note

    If your Archlinux based distribution is not recognized, force it with:
    ```sh
    DISTRIBUTION=arch makepkg -si
    ```


## :material-ubuntu: Ubuntu & :material-debian: Debian


Build the package from sources:
```sh
sudo apt install apparmor-profiles build-essential config-package-dev debhelper golang-go rsync git
git clone https://github.com/roddhjav/apparmor.d.git
cd apparmor.d
dpkg-buildpackage -b -d --no-sign
sudo dpkg -i ../apparmor.d_*_all.deb
```


## :simple-suse: OpenSUSE

Build and install from source:
```sh
make
sudo make install
sudo systemctl restart apparmor
```

!!! note

    RPM package is still a work in progress. Help is welcome.


## Partial install

For test purposes, you can install specific profiles with the following commands.
Abstractions, tunables, and most of the OS dependent post-processing is managed.

```sh
make
sudo make profile-names...
```

!!! warning

    Partial installation is discouraged because profile dependencies are not fetched. To prevent some apparmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))

    For instance, `sudo make pass` gives:
    ```sh
    Warning: profile dependencies fallback to unconfined.
    /{usr/,}bin/wl-{copy,paste} rPx,
    /{usr/,}bin/xclip           rPx,
    /{usr/,}bin/python3.[0-9]* rPx -> pass-import,  # pass-import
        /{usr/,}bin/pager         rPx -> child-pager,
        /{usr/,}bin/less          rPx -> child-pager,
        /{usr/,}bin/more          rPx -> child-pager,
    '.build/apparmor.d/pass' -> '/etc/apparmor.d/pass'
    ```
    So, you can install the additional profiles `wl-copy`, `xclip`, `pass-import`, and `child-pager` if desired.

[aur]: https://aur.archlinux.org/packages/apparmor.d-git
[repo]: https://repo.pujol.io/
[keys]: https://repo.pujol.io/gpgkey
docs: initial documentation website. 2023-01-29 22:18:22 +01:00			`---`
			`title: Installation`
			`---`

			`!!! danger`

docs: multiple english corrections. Co-authored-by: Thomas LAURENT <thomas.laurent@ucdconnect.ie> 2023-01-31 22:13:35 +01:00			`In order to not break your system, the default package configuration installs`
docs: initial documentation website. 2023-01-29 22:18:22 +01:00			`all profiles in complain mode. They can be enforced later.`
			`See the [Enforce Mode](/enforce) page.`

			`## Requirements`

			`AppArmor`

			An `apparmor` based Linux distribution is required. The basic profiles and
			`abstractions shipped with AppArmor must be installed.`

			`Desktop environment`

			`The following desktop environments are supported:`

			`- [x] :material-gnome: Gnome`

			`Also, please note wayland has better support than xorg.`

			`Build dependencies`

build: drop lsb-release build deps. 2023-04-19 19:57:31 +02:00			`* Go >= 1.18`
docs: initial documentation website. 2023-01-29 22:18:22 +01:00			`* Rsync`

			`## :material-arch: Archlinux`

			`apparmor.d-git` is available in the [Arch User Repository][aur]:
			```sh
			`git clone https://aur.archlinux.org/apparmor.d-git.git`
			`cd apparmor.d-git`
doc: add missing makepkg arg. 2023-03-29 19:08:44 +02:00			`makepkg -si`
docs: initial documentation website. 2023-01-29 22:18:22 +01:00			```

			`!!! note`

docs: update install and enforce mode method. 2023-04-19 20:23:57 +02:00			`If your Archlinux based distribution is not recognized, force it with:`
			```sh
			`DISTRIBUTION=arch makepkg -si`
			```
docs: initial documentation website. 2023-01-29 22:18:22 +01:00


			`## :material-ubuntu: Ubuntu & :material-debian: Debian`


			`Build the package from sources:`
			```sh
			`sudo apt install apparmor-profiles build-essential config-package-dev debhelper golang-go rsync git`
			`git clone https://github.com/roddhjav/apparmor.d.git`
			`cd apparmor.d`
			`dpkg-buildpackage -b -d --no-sign`
			`sudo dpkg -i ../apparmor.d_*_all.deb`
			```


docs: add support for OpenSUSE. 2023-02-05 01:22:21 +01:00			`## :simple-suse: OpenSUSE`

			`Build and install from source:`
			```sh
			`make`
			`sudo make install`
			`sudo systemctl restart apparmor`
			```

			`!!! note`

			`RPM package is still a work in progress. Help is welcome.`


docs: initial documentation website. 2023-01-29 22:18:22 +01:00			`## Partial install`

build: improve install process. - Add make local - Warn on local partial install regarding missing deps. 2023-02-11 19:59:08 +01:00			`For test purposes, you can install specific profiles with the following commands.`
docs: initial documentation website. 2023-01-29 22:18:22 +01:00			`Abstractions, tunables, and most of the OS dependent post-processing is managed.`

			```sh
			`make`
			`sudo make profile-names...`
			```

build: improve install process. - Add make local - Warn on local partial install regarding missing deps. 2023-02-11 19:59:08 +01:00			`!!! warning`

			Partial installation is discouraged because profile dependencies are not fetched. To prevent some apparmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))

			For instance, `sudo make pass` gives:
			```sh
			`Warning: profile dependencies fallback to unconfined.`
			`/{usr/,}bin/wl-{copy,paste} rPx,`
			`/{usr/,}bin/xclip rPx,`
			`/{usr/,}bin/python3.[0-9]* rPx -> pass-import, # pass-import`
			`/{usr/,}bin/pager rPx -> child-pager,`
			`/{usr/,}bin/less rPx -> child-pager,`
			`/{usr/,}bin/more rPx -> child-pager,`
			`'.build/apparmor.d/pass' -> '/etc/apparmor.d/pass'`
			```
			So, you can install the additional profiles `wl-copy`, `xclip`, `pass-import`, and `child-pager` if desired.

docs: initial documentation website. 2023-01-29 22:18:22 +01:00			`[aur]: https://aur.archlinux.org/packages/apparmor.d-git`
			`[repo]: https://repo.pujol.io/`
			`[keys]: https://repo.pujol.io/gpgkey`