 | |
| Original author(s) | Immunix |
|---|---|
| Developer(s) | Originally byImmunix (1998-2005), then bySUSE as part ofNovell (2005-2009), and currently byCanonical Ltd (since 2009). |
| Initial release | 1998; 27 years ago (1998) |
| Stable release | |
| Repository | gitlab |
| Written in | C,Python,C++,sh[2] |
| Operating system | Linux |
| Type | Security,Linux Security Modules (LSM) |
| License | GNU General Public License |
| Website | apparmor |
AppArmor ("Application Armor") is aLinux kernelsecurity module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unixdiscretionary access control (DAC) model by providingmandatory access control (MAC). It has been partially included in the mainline Linux kernel since version 2.6.36 and its development has been supported byCanonical since 2009.
In addition to manually creating profiles, AppArmor includes a learning mode, in which profile violations are logged, but not prevented. This log can then be used for generating an AppArmor profile, based on the program's typical behavior.
AppArmor is implemented using theLinux Security Modules (LSM) kernel interface.
AppArmor is offered in part as an alternative toSELinux, which critics consider difficult for administrators to set up and maintain.[3] Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux.[4] They also claim that AppArmor requires fewer modifications to work with existing systems.[citation needed] For example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted viaNFS. AppArmor is filesystem-agnostic.
AppArmor represents one of several possible approaches to the problem of restricting the actions that installed software may take.
TheSELinux system generally takes an approach similar to AppArmor. One important difference: SELinux identifies file system objects byinode number instead of path. Under AppArmor an inaccessible file may become accessible if ahard link to it is created. This difference may be less important than it once was, as Ubuntu 10.10 and later mitigate this with a security module called Yama, which is also used in other distributions.[5] SELinux's inode-based model has always inherently denied access through newly created hard links because the hard link would be pointing to an inaccessible inode.
SELinux and AppArmor also differ significantly in how they are administered and how they integrate into the system.
Isolation of processes can also be accomplished by mechanisms like virtualization; theOne Laptop per Child (OLPC) project, for example, sandboxes individual applications in lightweightVserver.
In 2007, theSimplified Mandatory Access Control Kernel was introduced.
In 2009, a new solution calledTomoyo was included in Linux 2.6.30; like AppArmor, it also uses path-based access control.
AppArmor was first used inImmunix Linux 1998–2003. At the time, AppArmor was known as SubDomain,[6][7] a reference to the ability for a security profile for a specific program to be segmented into different domains, which the program can switch between dynamically. AppArmor was first made available inSLES andopenSUSE and was first enabled by default in SLES 10 and in openSUSE 10.1.
In May 2005Novell acquiredImmunix and rebrandedSubDomain as AppArmor and began code cleaning and rewriting for the inclusion in theLinux kernel.[8]From 2005 to September 2007, AppArmor was maintained by Novell. Novell was taken over bySUSE who are now the legal owner of the trademarked name AppArmor.[9] openSUSE Tumbleweed transitioned from AppArmor to SELinux for new installation since 11 February 2025, upcoming openSUSE Leap 16 will be shipped with SELinux by default as well.[10] AppArmor is still available as install-time selection for users who prefer it.[11]
AppArmor was first successfully ported/packaged forUbuntu in April 2007. AppArmor became a default package starting in Ubuntu 7.10, and came as a part of the release of Ubuntu 8.04, protecting onlyCUPS by default. As of Ubuntu 9.04 more items such as MySQL have installed profiles. AppArmor hardening continued to improve in Ubuntu 9.10 as it ships with profiles for its guest session,libvirt virtual machines, the Evince document viewer, and an optional Firefox profile.[12]
AppArmor was integrated into the October 2010, 2.6.36 kernel release.[13][14][15][16]
AppArmor has been integrated to Synology's DSM since 5.1 Beta in 2014.[17]
AppArmor was enabled inSolus Release 3 on 2017/8/15.[18]
AppArmor is enabled by default inDebian 10 (Buster), released in July 2019.[19]
AppArmor is available in theextra repository ofArch Linux.[20]
