apparmor.d/docs/index.md

title
AppArmor.d

Full set of AppArmor profiles

!!! danger "Help Wanted"

This project is still in its early development. Help is very welcome; see [Development](development/index.md)

AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes.

Purpose

• Confine all root processes such as all systemd tools, bluetooth, dbus, polkit, NetworkManager, OpenVPN, GDM, rtkit, colord
• Confine all Desktop environments
• Confine all user services such as Pipewire, Gvfsd, dbus, xdg, xwayland
• Confine some "special" user applications: web browsers, file managers, etc
• Should not break a normal usage of the confined software

See the Concepts' page for more detail on the architecture.

Goals

• Target both desktops and servers
• Support for all distributions that support AppArmor:
  • :material-arch: Arch Linux
  • :material-ubuntu: Ubuntu 24.04/22.04
  • :material-debian: Debian 12
  • :simple-suse: openSUSE Tumbleweed
• Support for all major desktop environments:
  • :material-gnome: Gnome (GDM)
  • :simple-kde: KDE (SDDM)
  • :simple-xfce: XFCE (Lightdm) (work in progress)
• Fully tested (work in progress)

Presentations

Building the largest set of AppArmor profiles:

• Linux Security Summit North America (LSS-NA 2023) (Slide, Video)
• Ubuntu Summit 2023 (Slide, Video)

Chat

A development chat is available on https://matrix.to/#/#apparmor.d:matrix.org