Quick introduction

AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing both known and unknown application flaws from being exploited.

AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.

Installation

Many Linux distributions (e.g. Debian, Ubuntu, OpenSUSE) ship with AppArmor.

Simply run aa-status to see if your Linux distribution already has AppArmor integrated:

$ aa-status
apparmor module is loaded.

Since it is a kernel module, it is usually not something users install themselves. Individual users and system administrators might, however, want to manage the application profiles, which define what each application is allowed to do, by editing the files in /etc/apparmor.d/.

The list of currently active profiles can be easily checked with aa-status.

Checking AppArmor log messages

Each time AppArmor denies an application a potentially harmful operation, the event is logged. Depending on your system, the AppArmor events can be seen in syslog, auditd, the kernel log or the journald logs.

Example:

$ sudo journalctl -fx
audit[13172]: AVC apparmor="ALLOWED" operation="open"
profile="libreoffice-soffice"
name="/home/otto/.mozilla/firefox/ov37570l.default/cert8.db"
pid=13172 comm="soffice.bin" requested_mask="w"
denied_mask="w" fsuid=1001 ouid=1001

Desktop systems that have the tool aa-notify installed can show events as graphical notifications.
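The record shown in this section can be turned into a per-profile summary of what was blocked or would have been blocked. The following is an added example, not code from the AppArmor project; it assumes one audit record per line, and the second sample record and the names parse_event and summarize are constructed for illustration. Note that apparmor="ALLOWED" marks a profile in complain mode, where the access is logged but not blocked, while apparmor="DENIED" marks an enforced profile.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare_value, as used in kernel audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")
# The audit subsystem logs these fields as unquoted hex when the value
# contains spaces or other special characters.
HEX_FIELDS = {"name", "comm", "profile"}
# ALLOWED: profile is in complain mode, the access was only logged.
# DENIED: profile is in enforce mode, the access was blocked.
MODES = {"ALLOWED": "complain", "DENIED": "enforce"}

def parse_event(record):
    """Parse one AppArmor audit record into a dict; None if it is not one."""
    if 'apparmor="' not in record:
        return None
    event = {}
    for match in FIELD.finditer(record):
        key, quoted, bare = match.groups()
        if quoted is not None:
            event[key] = quoted
        elif key in HEX_FIELDS and HEX.fullmatch(bare):
            event[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            event[key] = bare
    event["mode"] = MODES.get(event["apparmor"], "other")
    return event

def summarize(records):
    """Map profile -> sorted (path, denied_mask, mode) tuples for file events."""
    seen = defaultdict(set)
    for record in records:
        event = parse_event(record)
        if event and {"profile", "name", "denied_mask"} <= event.keys():
            seen[event["profile"]].add(
                (event["name"], event["denied_mask"], event["mode"]))
    return {profile: sorted(items) for profile, items in seen.items()}

# Record from the example above, joined onto one line.
PAGE_RECORD = ('audit[13172]: AVC apparmor="ALLOWED" operation="open" '
               'profile="libreoffice-soffice" '
               'name="/home/otto/.mozilla/firefox/ov37570l.default/cert8.db" '
               'pid=13172 comm="soffice.bin" requested_mask="w" '
               'denied_mask="w" fsuid=1001 ouid=1001')
# Constructed sample: enforce-mode denial, hex-encoded path "/tmp/my file".
CONSTRUCTED = ('audit[2001]: AVC apparmor="DENIED" operation="open" '
               'profile="example-profile" name=2F746D702F6D792066696C65 '
               'pid=2001 comm="example" requested_mask="r" denied_mask="r" '
               'fsuid=1000 ouid=0')
```

Calling summarize([PAGE_RECORD, CONSTRUCTED]) lists, per profile, each path with the access mask that the profile does not permit, which is the information needed when deciding whether a profile rule is missing.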

Debugging application problems

When debugging issues, the first step should always be to disable the AppArmor profile for the application and check whether that has an effect. If not, the problem in the application is not related to AppArmor.

Read more

More details about AppArmor can be found in the wiki.

AppArmor 2.13.8 released

AppArmor 2.13.8 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied). Important note: This release fixes CVE-2016-1585.

AppArmor 3.0.10 released

AppArmor 3.0.10 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied). Important note: This release fixes CVE-2016-1585.

AppArmor 3.1.4 released

AppArmor 3.1.4 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied). Important note: This release fixes CVE-2016-1585. If you are looking at backporting individual patches instead of pulling in the whole release, the critical patches were backported as commit aff29ef0ee88e18db74a364e7dca1b4c0fa95e47 from MR:333; please contact the apparmor mailing list or, if communications must be private, security@apparmor.

AppArmor 3.0.9 released

AppArmor 3.0.9 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all currently supported upstream kernels. Obtaining the release: There are two ways to obtain this release, either through GitLab or as a tarball on Launchpad.

AppArmor 3.1.3 released

AppArmor 3.1.3 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied). Obtaining the release: There are two ways to obtain this release, either through GitLab or as a tarball on Launchpad.

AppArmor 2.13.7 released

AppArmor 2.13.7 was released 2022-11-21. Introduction: AppArmor 2.13.7 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied). It also supports features released in the 4.18 kernel and Ubuntu 18.

AppArmor 3.0.8 released

AppArmor 3.0.8 was released 2022-11-21. Introduction: AppArmor 3.0.8 fixes a couple of errors discovered in AppArmor 3.0.7 after release. It is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied).

AppArmor 2.12.4 released

AppArmor 2.12.4 was released 2022-11-20. Note: AppArmor 2.12 is end of life. Introduction: AppArmor 2.12.4 is the final maintenance release of the 2.12 release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied).

AppArmor 3.1.2 released

AppArmor 3.1.2 was released 2022-11-07. Introduction: AppArmor 3.1.2 is a bug fix release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied). Obtaining the release: There are two ways to obtain this release, either through GitLab or as a tarball on Launchpad.

AppArmor 3.0.7 released

AppArmor 3.0.7 fixes a build error in AppArmor 3.0.6. It is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately. This version of the userspace should work with all kernel versions from 2.6.15 onward (and with some earlier kernel versions if they have the AppArmor patches applied).