AppArmor 3.0.9 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately.

This version of the userspace should work with all currently supported upstream kernels.

The kernel portion of the project is maintained and pushed separately.

Obtaining the Release

There are two ways to obtain this release either through gitlab or a tarball in launchpad.

Important note: the gitlab release tarballs differ from the launchpad release tarballs. The launchpad release tarball has a couple processing steps already performed:

  • libapparmor is already done, meaning distros only need to use ./configure in their build setup
  • the docs for everything but libapparmor have already been built



Changes in this Release

These release notes cover all changes between 3.0.8 (474a12ebe86bb9314e482f918c589b484fd9ec2a) and 3.0.9 (af9d04d24b8d4735b76a0603db6f6017da02d403) on apparmor-3.0 branch.


  • add support for “class” field in logparsing
  • add support for “requested” and “denied” fields in logparsing
  • add scanner support for dbus “method” field (MR:958, HUBMR:286)

Policy Compiler (a.k.a apparmor_parser)

  • Fix mode not being printed when debugging AF_UNIX socket rules. (MR:979)
  • Fix spacing when printing out AF_UNIX addresses (MR:978)
  • Fix invalid reference to transitions when building the chfa (MR:956, AABUG:290)

Bin Utils

  • aa-status


  • Fix log parsing crash due to bad event (MR:959)



  • Add abstractions/groff with lots of groff/nroff helpers (MR:973, BOO:1065388)
  • audio
  • crypto
    • allow access to hwf.deny (MR:961)
  • openssl
  • nvidia
    • add new cache directory (MR:982)
    • allow reading @{pid}/comm (MR:954)
  • nvidia_modprobe
    • update for driver families and /sys path (MR:983)
  • samba
    • allow modifying /var/cache/samba/*.tdb (MR:988)
  • ssl_certs
    • allow access to all entries in pki/trust/ (MR:961)
  • ubuntu-helpers


  • avahi-daemon
    • needs attach_disconnected (MR:960)
  • dnsmasq
    • add Waydroid pid file (MR:969)
  • lsb_release
  • nscd
    • allow using systemd-userdb (MR:977)
  • postfix-tlsmgr
    • allow reading openssl.cnf (MR:981)
  • samba*
    • allow access to pid files directly in /run/ (MR:988)
  • smbd
    • allow reading /var/lib/nscd/netgroup (MR:948)


  • fix bogon patch characters in Makefile (MR:963)