Linux Intermediate

What is AppArmor?

A Linux security module that restricts program capabilities using per-application profiles, simpler to configure than SELinux.

AppArmor confines applications by associating security profiles with programs rather than labeling all system objects (as SELinux does). Profiles define what files a program can read/write, what network access it has, and what capabilities it requires. Profiles operate in enforce mode (restrictions active) or complain mode (violations logged but allowed). AppArmor uses path-based rules making profiles more intuitive to write. It is the default security module on Ubuntu and SUSE. While less granular than SELinux, AppArmor's simpler model makes it more accessible for most administrators.

Learn More About This Topic

SELinux & AppArmor Guide

Directly covers this topic

Debian Security and Hardening

Closely related

Linux Security Auditing

Closely related

Related Terms

The systemd journal daemon that collects and stores log data from services, the kernel, and boot messages in a structured binary format.

A Linux kernel feature that limits, accounts for, and isolates resource usage of process groups.

A system for limiting the amount of disk space or number of files that individual users or groups can consume on a filesystem.

ACL (Access Control List)

An extension to standard Linux file permissions that allows setting fine-grained access rights for specific users and groups beyond owner/group/other.

A virtual filesystem that exports information about kernel subsystems, hardware devices, and device drivers in a structured hierarchy.

Redundant Array of Independent Disks — a technology combining multiple physical drives into a single unit for performance, redundancy, or both.

View All Linux Terms →