What is AppArmor?

AppArmor confines applications by associating security profiles with programs rather than labeling all system objects (as SELinux does). Profiles define what files a program can read/write, what network access it has, and what capabilities it requires. Profiles operate in enforce mode (restrictions active) or complain mode (violations logged but allowed). AppArmor uses path-based rules making profiles more intuitive to write. It is the default security module on Ubuntu and SUSE. While less granular than SELinux, AppArmor's simpler model makes it more accessible for most administrators.