Skip to content

GitLab

GitLab Commit is coming up on August 3-4. Learn how to innovate together using GitLab, the DevOps platform. Register for free: gitlabcommitvirtual2021.com

Last edited by John Johansen
Page history

Home

AppArmor

Welcome to the AppArmor security project wiki, the wiki for users and developers of the AppArmor security project.

Description

AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.

More details about AppArmor can be found in the documentation

Getting AppArmor

Distributions and Ports

Distributions that include AppArmor:

Any derivatives of these distributions should also have AppArmor available. Updated RPMS can be found at the openSUSE Build Service. These are not limited to SUSE distributions.

Source code

The AppArmor project source is split between the kernel module, available in the Linux kernel and git development tree and the user space tools available in launchpad.

Kernel

AppArmor is in the upstream kernel as of 2.6.36. Earlier releases are available in the kernel module git tree:

The AppArmor v2.4 compatibility patches are available in the stable kernel branches. eg v3.4-aa2.8 or in the release tarballs in the kernel-patches directory.

Userspace

Profiles

See the Profiles page for information about AppArmor profiles.

Documentation

AppArmor documentation for the project, including manuals, tutorials, technical documentation and more:

Reporting Bugs

Reporting Security Vulnerabilities

There are 2 ways that security bugs can be reported

In the bug tracker (preferred)

Security issues should be reported as a bug on launchpad.

When creating the bug change the

This bug contains information that is:
Public

to Private Security

this will allow only you and the apparmor security team to see the bug, until it status is changed to Public Security by either you or the apparmor security team.

email (no account needed)

If the security issue contains information that is public or can be public. Send an email to

apparmor@lists.ubuntu.com

Emails to the list from addresses without an account will go into moderation, so there will be a delay before they hit the list but any email that isn't spam will be moderated through. There is no need to signup to be on the mailing list.

If the issue should may need an embargo you can send an email to

security@apparmor.net

Joining AppArmor

  • Mailing list for discussing AppArmor development and use.
  • The IRC channel is #apparmor on irc.oftc.net
  • Bug Tracking - project apparmor on launchpad.net
  • Translations - project apparmor on launchpad.net
  • Code - project apparmor on gitlab

Meetings are held regularly on the IRC channel and are open to the everyone. Please see MeetingAgenda for times.

How to Contribute

Contributions to AppArmor are welcome. Anyone can pull the code from the git repository or from launchpad, and begin hacking on the code. Patches can be contributed by posting them to the mailing list for review or submitting a merge request on gitlab. Please see the CommitPolicy, Versioning, and Coding Style before sending patches.

Commit privileges to the git tree and gitlab master repository are restricted, but can be earned by any developer who is involved in the project.

What happened to the profile repository?

AppArmor profile repository