< Previous | Contents | Next >
4. AppArmor
AppArmor is a Linux Security Module implementation of name-based mandatory access controls. AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities.
AppArmor is installed and loaded by default. It uses profiles of an application to determine what files and permissions the application requires. Some packages will install their own profiles, and additional profiles can be found in the apparmor-profiles package.
To install the apparmor-profiles package from a terminal prompt:
sudo apt install apparmor-profiles
AppArmor profiles have two modes of execution:
• Complaining/Learning: profile violations are permitted and logged. Useful for testing and developing new profiles.
• Enforced/Confined: enforces profile policy as well as logging the violation.
 
	 
                                         Documentation
 Documentation