Linux repositories inspector

apparmor-profiles - AppArmor profiles that are loaded into the apparmor kernel module

apparmor-profiles provides various experimental AppArmor profiles. Do not expect these profiles to work out-of-the-box.
These profiles are not mature enough to be shipped in enforce mode by default on Debian. They are shipped in complain mode so that users can test them, choose which are desired, and help improve them upstream if needed.
Some even more experimental profiles are included in
/usr/share/doc/apparmor-profiles/extras/.
2.13.3
OpenSUSE iconOpenSUSE Tumbleweed
2.13.2
Debian iconDebian 10.0
Ubuntu iconUbuntu 19.04
Ubuntu iconUbuntu 19.10
2.12.2
OpenSUSE iconOpenSUSE Leap 15.0
OpenSUSE iconOpenSUSE Leap 15.1
2.12
OpenSUSE iconOpenSUSE Leap 15.0
Ubuntu iconUbuntu 18.04 LTS
Ubuntu iconUbuntu 18.10
2.11.0
Debian iconDebian 9.0
Ubuntu iconUbuntu 17.10
2.10.95
Ubuntu iconUbuntu 16.04 LTS
2.10.4
OpenSUSE iconOpenSUSE Leap 42.3
2.10.3
OpenSUSE iconOpenSUSE Leap 42.3
2.10.2
OpenSUSE iconOpenSUSE Leap 42.3
DistributionVersionSincePackageInstalledPackager
Debian iconDebian 10.0 buster/maindeb2.13.2-10Apr 0190.4 kiB329 kiB
Debian iconDebian 9.0 stretch/maindeb2.11.0-3+deb9u22018-03-1479.2 kiB342 kiB
OpenSUSE iconOpenSUSE Leap 15.0 ossrpm2.12-lp150.5.1Jan 1797.6 kiB181 kiBhttps://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.0 update/ossrpm2.12.2-lp150.6.14.1Jun 17102 kiB182 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.0 update/ossrpm2.12.2-lp150.6.11.2Mar 28101 kiB182 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.0 update/ossrpm2.12-lp150.6.6.1Jan 1898.7 kiB181 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.0 update/ossrpm2.12-lp150.6.3.1Jan 1898.4 kiB181 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 15.1 ossrpm2.12.2-lp151.2.5Apr 0976.7 kiB182 kiBhttps://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 ossrpm2.10.2-14.19Jan 1781.6 kiB176 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm2.10.4-19.1Feb 0184.2 kiB177 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm2.10.3-16.1Jan 2182.4 kiB176 kiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Tumbleweed ossrpm2.13.3-1.20 - 10:46306 kiB1.37 MiBhttps://bugs.opensuse.org
Ubuntu iconUbuntu 17.10 artful/maindeb2.11.0-2ubuntu172017-11-1031.2 kiB359 kiB
Ubuntu iconUbuntu 17.10 artful-updates/maindeb2.11.0-2ubuntu17.12018-02-0831.2 kiB359 kiB
Ubuntu iconUbuntu 18.04 LTS bionic/maindeb2.12-4ubuntu52018-06-1231.1 kiB360 kiB
Ubuntu iconUbuntu 18.04 LTS bionic-security/maindeb2.12-4ubuntu5.1Jan 1231.1 kiB360 kiB
Ubuntu iconUbuntu 18.04 LTS bionic-updates/maindeb2.12-4ubuntu5.1Jan 1231.1 kiB360 kiB
Ubuntu iconUbuntu 18.10 cosmic/maindeb2.12-4ubuntu8Jan 1431.4 kiB361 kiB
Ubuntu iconUbuntu 19.04 disco/maindeb2.13.2-9ubuntu6Jun 1731.7 kiB345 kiB
Ubuntu iconUbuntu 19.04 disco-proposed/maindeb2.13.2-9ubuntu6.1Jun 2431.7 kiB345 kiB
Ubuntu iconUbuntu 19.10 eoan/maindeb2.13.2-9ubuntu7Jun 1731.7 kiB345 kiB
Ubuntu iconUbuntu 16.04 LTS xenial/maindeb2.10.95-0ubuntu22017-11-1030.3 kiB330 kiB
Ubuntu iconUbuntu 16.04 LTS xenial-security/maindeb2.10.95-0ubuntu2.11Jun 1730.2 kiB332 kiB
Ubuntu iconUbuntu 16.04 LTS xenial-updates/maindeb2.10.95-0ubuntu2.11Jun 1730.2 kiB332 kiB

Latest updates

OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 2.13.3-1.1 to 2.13.3-1.2

0 - 10:46
  • update to 2.13.3
    • profile updates for dnsmasq, dovecot, identd, syslog-ng
    • new "lsb_release" profile (only used when using "Px -> lsb_release")
    • fix buggy syntax in tunables/share
    • several abstraction updates
    • parser: fix "Px -> foo-bar" (the "-" was rejected before)
    • several bugfixes in aa-genprof and aa-logprof
    • see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog
  • drop upstream(ed) patches:
    • apparmor-nameservice-resolv-conf-link.patch
    • profile_filename_cornercase.diff
    • dnsmasq-libvirtd.diff
    • dnsmasq-revert-alternation.diff
    • usrmerge-fixes.diff
    • libapparmor-swig-4.diff
  • re-number remaining patches
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 2.13.2-9.2 to 2.13.3-1.1

Jun 25
  • update to 2.13.3
    • profile updates for dnsmasq, dovecot, identd, syslog-ng
    • new "lsb_release" profile (only used when using "Px -> lsb_release")
    • fix buggy syntax in tunables/share
    • several abstraction updates
    • parser: fix "Px -> foo-bar" (the "-" was rejected before)
    • several bugfixes in aa-genprof and aa-logprof
    • see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog
  • drop upstream(ed) patches:
    • apparmor-nameservice-resolv-conf-link.patch
    • profile_filename_cornercase.diff
    • dnsmasq-libvirtd.diff
    • dnsmasq-revert-alternation.diff
    • usrmerge-fixes.diff
    • libapparmor-swig-4.diff
  • re-number remaining patches
Ubuntu 19.04 icon

Ubuntu 19.04 disco-proposed/main: Version 2.13.2-9ubuntu6.1 introduced

Jun 24
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed oss: Updated from 2.13.2-6.1 to 2.13.2-9.2

Jun 17
  • add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
    1. 0 (boo#1135751)
OpenSUSE Leap 15.0 icon

OpenSUSE Leap 15.0 update/oss: Updated from 2.12.2-lp150.6.11.2 to 2.12.2-lp150.6.14.1

Jun 17
  • dovecot-align-pop3-managesieve-login-to-imap-login.patch
allow network access and notify file creation/access
(bsc#1120279)
Ubuntu 19.10 icon

Ubuntu 19.10 eoan/main: Version 2.13.2-9ubuntu7 introduced

Jun 17
Ubuntu 19.04 icon

Ubuntu 19.04 disco/main: Updated from 2.13.2-9ubuntu5 to 2.13.2-9ubuntu6

Jun 17
Ubuntu 16.04 LTS icon

Ubuntu 16.04 LTS xenial-updates/main: Updated from 2.10.95-0ubuntu2.10 to 2.10.95-0ubuntu2.11

Jun 17
Ubuntu 16.04 LTS icon

Ubuntu 16.04 LTS xenial-security/main: Updated from 2.10.95-0ubuntu2.10 to 2.10.95-0ubuntu2.11

Jun 17
OpenSUSE Leap 15.1 icon

OpenSUSE Leap 15.1 oss: Updated from 2.12.2-lp151.2.4 to 2.12.2-lp151.2.5

Apr 09
  • add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)
Ubuntu 19.04 icon

Ubuntu 19.04 disco/main: Updated from 2.13.2-9ubuntu4 to 2.13.2-9ubuntu5

Apr 03
Ubuntu 19.04 icon

Ubuntu 19.04 disco-proposed/main: Version 2.13.2-9ubuntu5 removed

Apr 03
Ubuntu 19.04 icon

Ubuntu 19.04 disco-proposed/main: Updated from 2.13.2-9ubuntu4 to 2.13.2-9ubuntu5

Apr 02
Ubuntu 19.04 icon

Ubuntu 19.04 disco-proposed/main: Version 2.13.2-9ubuntu4 reintroduced

Apr 02
Ubuntu 19.04 icon

Ubuntu 19.04 disco/main: Updated from 2.12-4ubuntu10 to 2.13.2-9ubuntu4

Apr 02
Ubuntu 19.04 icon

Ubuntu 19.04 disco-proposed/main: Version 2.13.2-9ubuntu4 removed

Apr 02
OpenSUSE Leap 15.1 icon

OpenSUSE Leap 15.1 oss: Updated from 2.12.2-lp151.2.3 to 2.12.2-lp151.2.4

Apr 02
  • add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 2.13.2-9 to 2.13.2-10

Apr 01
  • Don't load AppArmor policy when running in a Debian Live environment that uses overlayfs (Closes: #922378).
    Rationale: the storage stack set up by live-boot with overlayfs is not supported by our AppArmor policy at the moment, resulting in breakage of confined software such as Evince and LibreOffice.
  • Ship nvidia_modprobe in enforce mode (Closes: #923273).
    • Rationale: as explained by Seth Arnold <> on #923273#32, profiles in complain mode can chew up essentially unlimited amounts of non-swappable kernel memory and huge amounts of IO bandwidth logging ALLOWED messages, which can in turn use large amounts of storage. This is why Ubuntu has applied this change already for their upcoming release.
    • Scope of this change: in Buster, this profile is used in one single place — the usr.lib.libreoffice.program.soffice.bin profile — for which it was developed and tested in the first place. So the risk and potential problematic impact of this change seems pretty low.
  • Cherry-pick the most important and non-invasive fixes from the upstream apparmor-2.13 maintenance branch:
    • base abstraction: allow mr on *.so* in common library paths,
      1. e. don't assume all common libraries' name starts with "lib".
      At the very least, this fixes Qt5 applications under some VirtualBox graphics configuration, where otherwise they would not start at all (Closes: Tails#16414).
      Upstream commits: 8dff7dc, 08f9d16
    • Fix 2 segfaults spotted upstream while writing automated tests for the multicache support (upstream MR!348):

      · in overlaydirat_for_each, segfault caused by repeatedly freeing

      the same memory area;

      · when loading policy cache files, due to incorrect size passed

      to qsort().

      Upstream commits: 5704fba, 01aec04

OpenSUSE Leap 15.1 icon

OpenSUSE Leap 15.1 oss: Updated from 2.12.2-lp151.2.2 to 2.12.2-lp151.2.3

Mar 30
  • add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)
OpenSUSE Leap 15.0 icon

OpenSUSE Leap 15.0 update/oss: Updated from 2.12-lp150.6.6.1 to 2.12.2-lp150.6.11.2

Mar 28
  • add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)

Related packages

apparmor - Mandatory Access Control (MAC) using Linux Security Module (LSM)
apparmor-profiles-extra - Extra profiles for AppArmor Security policies
⇧ Top