From AppArmor
Jump to: navigation, search

WARNING: Draft - Work in progress


  • Xapparmor XACE plug-in
  • 3.0 AppArmor kernel query interface
    • 4.0 AppArmor kernel for userspace caching of permission checks
  • 2.?? AppArmor user space


WARNING: The AppArmor Xace plugg-in is a work in progress and changes may be made to policy and capabilities before development is done.

AppArmor provides a security extensions for the X server via the Xace framework. ...


Configuring XAppArmor in the xorg.conf file

If the X-server AppArmor enforcement needs to be run in a specific mode, then the option may be added to the xorg.conf file (normally in <tt/etc/X11/xorg.conf.d</tt>). The option entries are as follows:

"AppArmor mode disabled"
"AppArmor mode selective"
"AppArmor mode enforcing"

Note that the entry must be exact otherwise it will be ignored. An example entry is:

Section "Module"
    SubSection "extmod"
        Option "AppArmor mode enforcing"

The current default mode is enforcing.

Policy Lanaguage


Security snappy applications on the ubuntu desktop

Thanks and Acknowledgements

This work would not have been possible without the hard work put in by the people who developed the Xace framework for the X Server and in particular the XSelunix security extension which was used as a starting point for the development of the AppArmor Xace plugg-in.