What is AppArmor?

AppArmor is a framework using Mandatory Access Control (MAC). It can be compared with SELinux and was originally created by Immunix. Immunix was later acquired by Novell, which resulted in AppArmor to be found on SUSE Linux. AppArmor has been ported to others Linux distributions like Debian, Gentoo, and Ubuntu. The biggest difference between AppArmor and SELinux is in the way files (objects) are monitored. AppArmor monitors files by path, where SELinux does it by security labels.

Security tools

The following security tools are linked to AppArmor and are worth investigating.

  • Karn (create AppArmor and seccomp profiles)
  • bane (AppArmor profile generator)