AppArmor 3.1.3 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately.

This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied).

Obtaining the Release

There are two ways to obtain this release either through gitlab or a tarball in launchpad.

Important note: the gitlab release tarballs differ from the launchpad release tarballs. The launchpad release tarball has a couple processing steps already performed:

  • libapparmor is already done, meaning distros only need to use ./configure in their build setup
  • the docs for everything but libapparmor have already been built



Changes in this Release

These release notes cover all changes between 3.1.2 (1fe80c0f85db4a67771ea506b1ae6d5626d474b1) ) and 3.1.3 (c8eefe440cd14e49424d40c8ee1bd2f2193b3cfc) on the apparmor-3.1 branch.


  • add support for “class” field in logparsing
  • add support for “requested” and “denied” fields in logparsing
  • add scanner support for dbus “method” field (MR:958, HUBMR:286)

Policy Compiler (a.k.a apparmor_parser)

  • Fix mode not being printed when debugging AF_UNIX socket rules. (MR:979)
  • Fix spacing when printing out AF_UNIX addresses (MR:978)
  • Fix invalid reference to transitions when building the chfa (MR:956, AABUG:290)

Bin Utils

  • aa-status


  • Fix log parsing crash due to bad event (MR:959)
  • Fix AttributeError caused by Python 3 migration (MR:986)
  • Replace mutable default arguments in utils (MR:986)
  • Add missing comma to tuple (MR:986)
  • Replace mutable default arguments in tests (MR:986)
  • Include profile name in error message on directory exec (MR:949, AABUG:285)
  • Catch PermissionError when trying to write a profile (MR:946, AABUG:282)



  • Add abstractions/groff with lots of groff/nroff helpers (MR:973, BOO:1065388)
  • audio
  • base
  • crypto
    • allow access to hwf.deny (MR:961)
  • openssl
  • nameservice
    • Adds WSL programmatic management of /etc/resolv.conf (MR:935)
  • nvidia
    • add new cache directory (MR:982)
    • allow reading @{pid}/comm (MR:954)
  • nvidia_modprobe
    • update for driver families and /sys path (MR:983)
  • samba
    • allow modifying /var/cache/samba/*.tdb (MR:988)
  • ssl_certs
    • allow access to all entries in pki/trust/ (MR:961)
  • ubuntu-helpers


  • Ensure all profiles in have optional local include + comment (MR:974)
  • avahi-daemon
    • needs attach_disconnected (MR:960)
  • dnsmasq
    • Adjust local include to match master (MR:976)
  • lsb_release
  • nscd
    • allow using systemd-userdb (MR:977)
  • postfix-tlsmgr
    • allow reading openssl.cnf (MR:981)
  • samba*
    • allow access to pid files directly in /run/ (MR:988)
  • smbd
    • allow reading /var/lib/nscd/netgroup (MR:948)


  • fix bogon patch characters in Makefile (MR:963)
  • add dbus-broker support on regression tests (MR:965)