large set of apparmor rules for various distros
apparmor.d Remove firejail-default. 2021-04-02 10:39:42 +01:00
systemd Ensure some systemd services do not start before apparmor rules are loaded. 2021-04-02 10:34:59 +01:00
LICENSE Cleanup license file. 2021-04-01 14:47:01 +01:00
README add README file 2020-09-18 20:13:28 +02:00

------------
Introduction
------------
This repository contains various AppArmor profiles whose aim is to confine Linux applications. This
work started a few years ago, but some of the profiles should still be considered experimental,
though most of them work well, at least on my system (Xserver/Openbox setup). Whether any of the
profiles will work on your Linux system depends. Basically, the software you use matters a lot; for
instance, major desktop environments (KDE/GNOME) are known to cause trouble, and additional rules
will probably be required to make an app work under such a DE. Many profiles are probably also
missing some rules because I'm not able to check and test every app in every detail -- it
simply takes a lot of time.

The profile rules basically try to map the files that a certain application wants to use. Not all of
these files are required for an app to work, and in some cases giving access to certain files can
be dangerous for both security and privacy. I'm making the file maps just to know how an app works
(what files it tries to use), and whether or not it takes some suspicious actions by trying to
read or write exotic locations. With AppArmor it is clear what apps are trying to do in the
system. When you know what files are used, you can try to deny those you think can be blocked,
and at some point you get stricter profiles which provide better security and privacy, but
of course it will take time.
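
The file-mapping workflow described above, as an added example that is not part of this repository:
a Python sketch that builds a per-profile file map from AppArmor audit log lines and renders draft
rules, with chosen paths turned into deny rules. The profile name "exampleapp", the paths and the
log lines are constructed; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log lines; "exampleapp" and all paths are made up.
# In complain mode AppArmor logs would-be denials as apparmor="ALLOWED".
SAMPLE_LOG = '''\
audit: type=1400 audit(1617350000.101:201): apparmor="ALLOWED" operation="open" profile="exampleapp" name="/etc/passwd" pid=4242 comm="exampleapp" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1617350000.140:202): apparmor="ALLOWED" operation="mknod" profile="exampleapp" name="/home/user/.config/exampleapp/state" pid=4242 comm="exampleapp" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1617350000.150:203): apparmor="ALLOWED" operation="open" profile="exampleapp" name="/home/user/.config/exampleapp/state" pid=4242 comm="exampleapp" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
audit: type=1400 audit(1617350000.200:204): apparmor="ALLOWED" operation="open" profile="exampleapp" name=2F686F6D652F757365722F4D7920446F63732F6E6F7465732E747874 pid=4242 comm="exampleapp" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1617350000.300:205): apparmor="ALLOWED" operation="capable" profile="exampleapp" pid=4242 comm="exampleapp" capability=12 capname="net_admin"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    if 'apparmor="' not in line:
        return None
    ev = {}
    for key, quoted, bare in FIELD.findall(line):
        ev[key] = quoted or bare
        # Names containing spaces or quotes are logged unquoted and hex-encoded.
        if key == "name" and bare and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
            ev[key] = bytes.fromhex(bare).decode("utf-8", "replace")
    return ev

def file_map(log_text):
    """Map profile -> path -> set of rule permission letters seen in the log."""
    fmap = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or "name" not in ev or "requested_mask" not in ev:
            continue  # capability, network and other non-file events
        # Logs use c (create) and d (delete); profile rules express both as w.
        perms = {"w" if p in "cd" else p for p in ev["requested_mask"]}
        # Exec (x) needs a hand-picked transition mode, so it is left out here.
        fmap[ev["profile"]][ev["name"]] |= perms & set("rwaklm")
    return fmap

def draft_rules(fmap, profile, deny=()):
    """Render the map as draft rule lines; paths in `deny` become deny rules."""
    rules = []
    for path, perms in sorted(fmap[profile].items()):
        perms = perms - {"a"} if "w" in perms else perms  # w already implies a
        mask = "".join(p for p in "rwaklm" if p in perms)
        shown = f'"{path}"' if " " in path else path
        if mask:
            rules.append(f"{'deny ' if path in deny else ''}{shown} {mask},")
    return rules
```

The output is a starting point for review, not a finished profile: each drafted line still needs a
decision on whether the app really needs that file or whether it can be denied.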