AppArmorProfiles
AppArmor Profiles
AppArmor is installed and loaded by default starting with Ubuntu 7.10 (Gutsy). Some packages will install their own profiles (usually in enforcing mode), while additional profiles can be found in the apparmor-profiles package from the Universe repository.
Supported profiles in main
Source package/binary |
7.10 |
8.04 LTS |
8.10 |
9.04 |
9.10 |
Cups (cupsd) |
yes |
yes |
yes |
yes |
yes |
OpenLDAP (slapd) |
-- |
yes |
yes |
yes |
yes |
MySQL (mysqld) |
-- |
yes |
yes |
yes |
yes |
Bind (named) |
-- |
yes |
yes |
yes |
yes |
ClamAV (clamd,freshclam) |
-- |
-- |
yes |
yes |
yes |
gdm-guest-session |
-- |
-- |
yes |
yes |
yes |
tcpdump |
-- |
-- |
-- |
yes |
yes |
ISC Dhcpd (dhcpd3) |
-- |
-- |
-- |
yes |
yes |
ISC Dhcp client (dhclient3) |
-- |
-- |
-- |
yes |
yes |
Evince |
-- |
-- |
-- |
-- |
yes |
NTP (ntpd)1 |
-- |
-- |
-- |
-- |
yes |
Firefox (firefox-3.5/firefox) |
-- |
-- |
-- |
-- |
yes2 |
Libvirt (libvirtd and kvm/qemu guests) |
-- |
-- |
-- |
-- |
yes |
Apache (apache2) |
-- |
-- |
-- |
-- |
yes2 |
A complain-mode only profile was provided in the apparmor-profiles package in Ubuntu 9.04 and earlier
- Will be disabled by default and be opt-in for advanced users
Community supported profiles
The following profiles are found in the apparmor-profiles package. These profiles usually are in complain mode and are in various stages of development, but can in general be used with some modification.
Binary |
7.10 |
8.04 LTS |
8.10 |
9.04 |
9.10 |
avahi-daemon |
yes |
yes |
yes |
yes |
yes |
dnsmasq |
yes |
yes |
yes |
yes |
yes |
identd |
yes |
yes |
yes |
yes |
yes |
klogd |
yes |
yes |
yes |
yes |
yes |
mdnsd |
yes |
yes |
yes |
yes |
yes |
mysqld1 |
yes |
-- |
-- |
-- |
-- |
named2 |
yes |
-- |
-- |
-- |
-- |
nmbd |
yes |
yes |
yes |
yes |
yes |
nscd |
yes |
yes |
yes |
yes |
yes |
ntpd3 |
yes |
yes |
yes |
yes |
-- |
ping |
yes |
yes |
yes |
yes |
yes |
smbd |
yes |
yes |
yes |
yes |
yes |
syslogd |
yes |
yes |
yes |
yes |
yes |
syslog-ng |
yes |
yes |
yes |
yes |
yes |
traceroute |
yes |
yes |
yes |
yes |
yes |
dovecot |
-- |
-- |
-- |
-- |
yes |
phpsysinfo4 |
-- |
-- |
-- |
-- |
yes |
An enforcing profile for mysqld moved to the mysql-server-5.0 package in Ubuntu 8.04 LTS
An enforcing profile for named moved to the bind9 package in Ubuntu 8.04 LTS
An enforcing profile for ntpd moved to the ntp package in Ubuntu 9.10
- Must be used with the apache2 profile and the libapache2-mod-apparmor module
Other profiles
Profiles in active development can be found in the public Ubuntu repository. Unmaintained profiles can be found in /usr/share/doc/apparmor-profiles/extras directory of the apparmor-profiles package. Files from either location may not work at all and will likely require significant effort to run on your system.
Filing Bugs
When filing bugs against an installed apparmor profile, please see: https://wiki.ubuntu.com/DebuggingApparmor.