mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
large set of apparmor rules for various distros
apparmor.d | ||
LICENSE | ||
README |
------------ Introduction ------------ This repository contains various AppArmor profiles, which aim is to confine linux applications. This work started a few years ago, but still some of the profiles should be considered experimental, though most of them work well, at least on my system (Xserver/Openbox setup). Whether any of the profiles will work on your linux, it depends. Basically the software you use matters a lot, for instance, major desktop environments (KDE/GNOME) are known to cause troubles, and additional rules probably will be required to make an app work under such DE. Probably many profiles are also missing some rules because I'm not able to check and test every app in its every detail -- it simply takes a lot of time. The profile rules basically try to map files that a certain application wants to use. Not all the files are required for an app to make it work, and in some cases giving access to certain files can be dangerous for both security and privacy. I'm making the file maps just to know how an app works (what files it tries to use), and whether (or not) it makes some suspicious actions by trying to read or write exotic locations. With AppArmor everything is clear what apps are trying to do in the system. When you know what files are used, you can try to deny those you think that can be blocked, and at some point you get a more strict profiles which provide a better security and privacy, but of course it will take time.