Awesome AppArmor#
A curated list of awesome things related to AppArmor.
Contents#
- Official Resources
- AppArmor at Kernel
- AppArmor at GNU\Linux Distributions
- apparmor.d Project
- Related Projects
- Articles
- Videos and Presentations
Official Resources#
- AppArmor Website
- AppArmor News
- AppArmor Mailing List
- AppArmor IRC Channel: #apparmor on irc.oftc.net
- AppArmor Wiki
- AppArmor Documentation
- AppArmor Repo
- AppArmor Website Repo
- AppArmor Release
AppArmor at Kernel#
AppArmor at GNU\Linux Distributions#
- AppArmor at Ubuntu
- AppArmor Ubuntu Repo
- AppArmor Ubuntu Wiki
- AppArmor Ubuntu package
- AppArmor Ubuntu package - Bugs
- AppArmor Ubuntu Server Doc
- AppArmor Ubuntu Community Wiki
- AppArmor Ubuntu Tutorial
- Debugging AppArmor Ubuntu Wiki
- Understanding AppArmor User Namespace Restriction
- Ubuntu Desktop’s 24.10 Dev Cycle - Part 5: Introducing Permissions Prompting
- AppArmor at Debian:
- AppArmor at OpenSuse:
- AppArmor at ArchLinux:
- AppArmor at Other Distributions:
apparmor.d Project#
- apparmor.d Website
- apparmor.d Repo
- apparmor.d Matrix Chat
- apparmor.d Repo
- apparmor.d Presentations
- apparmor.d Play Machine
Related Projects#
- Kubernetes Security Profiles Operator - Github - The Security Profiles Operator (SPO) is an out-of-tree Kubernetes enhancement which aims to make it easier to create and use SELinux, seccomp and AppArmor security profiles in Kubernetes clusters.
- apparmor-psp-policy - Github
- KubeArmor - Github - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
- vArmor - Github - vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp.
- AppAnvil - Github - Graphical user interface for the AppArmor security module
- apparmemall - Gitlab
- apparmor-profiles - Github - Krathalan's AppArmor profiles for Arch Linux
- apparmor-profiles - Sourcehut
- apparmor-even-more-profiles - Github
- bane - Github - Custom & better AppArmor profile generator for Docker containers.
- AppArmor RBAC for Gentoo Linux - Github
Articles#
- AppArmor - c1b3rn0t3s
- Three bypasses of Ubuntu's unprivileged user namespace restrictions - Qualys Security Advisory
- Abusing Ubuntu 24.04 features for root privilege escalation - Snyk
- AppArmor security profiles for Docker - Docker Documentation
- Restrict a Container's Access to Resources with AppArmor - Kubernetes Documentation
- Container Hardening Process - Hardened Linux
- Linux Sandboxing: a brief review - Hardened Linux
- Advanced Docker Security with AppArmor - GCORE
- What is Apparmor and how to add a security layer with it in Docker? - theodo Cloud
- Securing PHP-FPM with AppArmor - FREDERIK HIMPE
- Protecting systemd services with AppArmor - FREDERIK HIMPE
- Protecting your Linux server against security exploits with AppArmor - FREDERIK HIMPE
- A Study of Application Sandbox Policies in Linux - Trevor Dunlap, William Enck, Bradley Reaves
- AppArmor Profile Generator as a Cloud Service - Hui Zhu, Christian Gehrmann
- A Comparative Analysis of Linux Mandatory Access Control Policy Enforcement Mechanisms - Brennon Brimhall et al
- Lic-Sec: An enhanced AppArmor Docker security profile generator - Hui Zhu; Christian Gehrmann
- Advanced Docker Security with AppArmor - An Overview - HACKERNOON
- Security and Access Control - APERTIS
- Mitigating the Damage in the Compromised Webserver using AppArmor - tbhaxor's Blog
- Confining Resources inside Docker Containers with AppArmor - tbhaxor's Blog
- Writing AppArmor Profile from Scratch - tbhaxor's Blog
- AppArmor - HackTricks
- Securing containers with AppArmor - Google Cloud Container-Optimized OS Guides
- Lab: AppArmor - Dockerlabs Collabnix
Videos and Presentations#
- Restricting Unprivileged User Namespaces in Ubuntu - John Johansen & Maxime Bélair, Canonical - Linux Security Summit Europe 24 - A retrospective on the work to restrict unprivileged user namespaces by default in Ubuntu 24.04. This presentation will cover the challenges, problems, and the solutions that Ubuntu choose. It will also take a look at work to address the problems that remain. Video.
- Linux Containers with AppArmor Policy Namespaces - Leesoo Ahn - DebConf 24
- Unprivileged Access Control in AppArmor - John Johansen & Georgia Garcia, Canonical - Linux Security Summit North America 2024 - Video
- LSM Updates: IMA, SELinux, AppArmor, SMACK &... - Roberto Sassu, Paul Moore, John Johansen & KP Singh - Linux Security Summit Europe 2023 - Video
- Apply security to your servers with AppArmor - Brian Six - SUSECON 2022 - Video
- Securely protected Kubernetes Container environment with AppArmor - Hoon Jo - UbuCon Asia 2022
- Securing BIND 9 with AppArmor/Firejail/SecompBPF - Carsten Strotmann and the ISC Team - 2021: Video, Slide, Webpage
- Firejail vs Apparmor for sandboxing Firefox - NapoleonWilson - 2021: Video, Notes
- Binary Policy with IMA and AppArmor - Eric Chiang, Google - Linux Security Summit 2019: Video, Slide
- AppArmor Crashkurs - Christian Boltz - FrosCon 2019
- AppArmor 3.0 - Seth Arnold - DebConf 18
- Introduction To Firejail, AppArmor, and SELinux - Aaron Jones - Phoenix Linux Users Group's Security meeting 2018: Video, Webpage
- AppArmor Crash Course - Christian Boltz - OpenSuse Conference 2016
- AppArmor Crashkurs - Christian Boltz - Gulaschprogrammiernacht 16
- AppArmor Crash Course - Christian Boltz - DebConf 15 - Video
- AppArmor crash course and workshop - Christian Boltz - OpenSuse Conference 12 - Slide
- Securing Linux Applications With AppArmor - Crispin Cowan - DEFCON 15: Video, Slide