Linux Intermediate

What is AppArmor?

A Linux security module that restricts program capabilities using per-application profiles, simpler to configure than SELinux.

AppArmor confines applications by associating security profiles with programs rather than labeling all system objects (as SELinux does). Profiles define what files a program can read/write, what network access it has, and what capabilities it requires. Profiles operate in enforce mode (restrictions active) or complain mode (violations logged but allowed). AppArmor uses path-based rules making profiles more intuitive to write. It is the default security module on Ubuntu and SUSE. While less granular than SELinux, AppArmor's simpler model makes it more accessible for most administrators.

Learn More About This Topic

SELinux & AppArmor Guide

Directly covers this topic

Debian Security and Hardening

Closely related

Linux Security Auditing

Closely related

Related Terms

Network Namespace

A Linux kernel feature that provides isolated network stacks with independent interfaces, routing tables, and firewall rules.

Redundant Array of Independent Disks — a technology combining multiple physical drives into a single unit for performance, redundancy, or both.

The systemd journal daemon that collects and stores log data from services, the kernel, and boot messages in a structured binary format.

The Grand Unified Bootloader, a program that loads the operating system kernel into memory during system startup.

ACL (Access Control List)

An extension to standard Linux file permissions that allows setting fine-grained access rights for specific users and groups beyond owner/group/other.

A mechanism that changes the apparent root directory for a process and its children, creating an isolated filesystem view.

View All Linux Terms →