---
title: AppArmor.d
---

# AppArmor.d

**Full set of AppArmor profiles**

!!! danger "Help Wanted"

    This project is still in its early development. Help is very welcome;
    see [Development](development/)

**AppArmor.d** is a set of over 1400 AppArmor profiles whose aim is to confine
most Linux-based applications and processes.

**Purpose**

- Confine all root processes such as all `systemd` tools, `bluetooth`, `dbus`,
  `polkit`, `NetworkManager`, `OpenVPN`, `GDM`, `rtkit`, `colord`
- Confine all Desktop environments
- Confine all user services such as `Pipewire`, `Gvfsd`, `dbus`, `xdg`, `xwayland`
- Confine some *"special"* user applications: web browser, file browser...
- Should not break normal usage of the confined software

See the [Concepts](concepts) page for more detail on the architecture.

**Goals**

- Target both desktops and servers
- Support all distributions that support AppArmor:
    * Currently:
        - :material-arch: Arch Linux
        - :material-ubuntu: Ubuntu 22.04
        - :material-debian: Debian 11
    * Not (yet) tested on openSUSE
- Support all major desktop environments:
    * Currently only :material-gnome: GNOME
- Fully tested (Work in progress)