AppArmor – access control system

AppArmor is an access control system that lets you specify per program which files the program may read, write, and execute. AppArmor secures applications by enforcing good application behavior without relying on attack signatures, so it can prevent attacks even if they are exploiting previously unknown vulnerabilities.

AppArmor is a Linux Security Module implementation of name-based access controls. AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities.

AppArmor protects your infrastructure from attackers who find and exploit application flaws by helping you rapidly develop and enforce security policies. These policies could, for example, define the scope of an application’s access to system resources or enforce beneficial application behavior. AppArmor gives you the tools to protect your critical infrastructure without huge investments in time, resources or training.

AppArmor protects systems from insecure or untrusted processes by running them in confinement, still allowing them to share files with other parts of the system, exercising privilege, and communicating with other processes, but with some restrictions. These restrictions are mandatory; they are not bound to identity, group membership, or object ownership. In particular, the restrictions also apply to processes running with superuser privileges. AppArmor achieves this by plugging into the Linux Security Module (LSM) framework. The protections provided are in addition to the kernel’s regular access control mechanisms.

Features include:

  • Easy to use.
  • Full integration.
  • Easy deployment – it includes a full integrated suite of tools to help you develop, deploy and maintain application security policies.
  • Auditable policies.
  • Protects the operating system, custom and third-party applications from both external and internal threats by enforcing appropriate application behavior.
  • Reporting and alerting. Built-in features allow users to schedule detailed event reports and configure alerts based on user-defined events.
  • Sub-process confinement.

Developer: AppArmor Team
License: GNU GPL v2


AppArmor is written in Python, C and C++. Learn Python with our recommended free books and free tutorials. Learn C with our recommended free books and free tutorials. Learn C++ with our recommended free books and free tutorials.

Return to MAC/RBAC Tools Home Page

Read our complete collection of recommended free and open source software. The collection covers all categories of software.

The software collection forms part of our series of informative articles for Linux enthusiasts. There's tons of in-depth reviews, alternatives to Google, fun things to try, hardware, free programming books and tutorials, and much more.
Share this article

Share your Thoughts

This site uses Akismet to reduce spam. Learn how your comment data is processed.