Linux Intermediate

What is AppArmor?

A Linux security module that restricts program capabilities using per-application profiles, simpler to configure than SELinux.

AppArmor confines applications by associating security profiles with programs rather than labeling all system objects (as SELinux does). Profiles define what files a program can read/write, what network access it has, and what capabilities it requires. Profiles operate in enforce mode (restrictions active) or complain mode (violations logged but allowed). AppArmor uses path-based rules making profiles more intuitive to write. It is the default security module on Ubuntu and SUSE. While less granular than SELinux, AppArmor's simpler model makes it more accessible for most administrators.

Learn More About This Topic

SELinux & AppArmor Guide

Directly covers this topic

Debian Security and Hardening

Closely related

Linux Security Auditing

Closely related

Related Terms

A command-line utility for managing disk partition tables on Linux systems.

A text file containing a series of shell commands that are executed sequentially by the Bash interpreter.

A virtual filesystem that exports information about kernel subsystems, hardware devices, and device drivers in a structured hierarchy.

The systemd journal daemon that collects and stores log data from services, the kernel, and boot messages in a structured binary format.

Security-Enhanced Linux — a mandatory access control system that confines programs to minimum required privileges beyond standard file permissions.

The modern Linux packet filtering framework that replaces iptables with a unified, more efficient rule-processing architecture.

View All Linux Terms →