Quick introduction

AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing both known and unknown application flaws from being exploited.

AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.

Installation

Many Linux distributions (e.g. Debian, Ubuntu, OpenSUSE) ship with AppArmor.

Simply run aa-status to see if your Linux distribution already has AppArmor integrated:

$ aa-status
apparmor module is loaded.

Since it is a kernel module it is usually not something users install themselves. Individual users and system administrators might however want to manage the application profiles which define what each application is allowed to do by editing the files in /etc/apparmor.d/.

The list of currently active profiles can be easily checked with aa-status.

Checking AppArmor log messages

Each time AppArmor denies applications from doing potentially harmful operations the event is logged. Depending on your system the AppArmor events can be seen in the syslog, auditd, kernel log or in journald logs.

Example:

$ sudo journalctl -fx
audit[13172]: AVC apparmor="ALLOWED" operation="open"
profile="libreoffice-soffice"
name="/home/otto/.mozilla/firefox/ov37570l.default/cert8.db"
pid=13172 comm="soffice.bin" requested_mask="w"
denied_mask="w" fsuid=1001 ouid=1001

Desktop systems that have the tool aa-notify installed can show events as graphical notifications.

Debugging application problems

When debugging issues, the first step should always be to disable the AppArmor profile for the application and check if it had an effect. If not, the problem in the application was not related to AppArmor.

Read more

More details about AppArmor can be found in the wiki.

AppArmor 4.0.2 released

AppArmor 4.0.2 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). Important Note AppArmor 4.0.2 does not address interactions between the bwrap_userns_restrict and flatpak profiles. Read More »

AppArmor 2.13.11 released

AppArmor 2.13.11 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). Obtaining the Release There are two ways to obtain this release either through gitlab or a tarball in launchpad. Read More »

AppArmor 3.0.13 released

AppArmor 3.0.13 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). Obtaining the Release There are two ways to obtain this release either through gitlab or a tarball in launchpad. Read More »

AppArmor 3.1.7 released

AppArmor 3.1.7 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). Important Note This release fixes a regression in 3.1.5 introduced by its fix to mount rule generations. Read More »

AppArmor 4.0 alpha1 released

AppArmor 4.0 alpha1 is a major new release of the AppArmor that is in development. Apprmor 4.0 alpha1 is a bridge release between older AppArmor 3.x policy and the newer AppArmor 4 style policy which introduces several new features that are not backwards compatible. As such AppArmor 4.0 alpha1 will be a short lived release, and will not receive long term support. The following AppArmor 4.1 feature release is planned to be a regular release, please take this into account when including AppArmor 4. Read More »

AppArmor 2.13.10 released

AppArmor 2.13.10 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). Important Note This release fixes a regression in 2.13.9 introduced by its fix to mount rule generations. Read More »

AppArmor 3.0.12 released

AppArmor 3.0.12 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). Important Note This release fixes a regression in 3.0.11 introduced by its fix to mount rule generations. Read More »

AppArmor 3.1.6 released

AppArmor 3.1.6 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). Important Note This release fixes a regression in 3.1.5 introduced by its fix to mount rule generations. Read More »

AppArmor 2.13.9 released

AppArmor 2.13.9 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). The kernel portion of the project is maintained and pushed separately. Important Note This release fixes a regression in 2. Read More »

AppArmor 3.0.11 released

AppArmor 3.0.11 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied). Important Note This release fixes a regression in 3.0.10 introduced by the fix to mount rule generations. Read More »