The core component of AppArmor is the profile. You can create a profile for every application, and each profile defines exactly what that application can and cannot do. Profiles are enforced by two Linux kernel modules, apparmor and aamatch_pcre, which hook directly into the kernel's Linux Security Modules (LSM) framework. Working together, these two modules make it possible to use POSIX capabilities to define exactly what an application can and cannot do.
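What such a profile looks like, as an added example that is not from the original article: the daemon /usr/sbin/exampled and all of its file paths are hypothetical, constructed for illustration.

```apparmor
# Hypothetical profile for a constructed daemon, /usr/sbin/exampled.
#include <tunables/global>

/usr/sbin/exampled {
  # Shared baseline rules (libc, locale files, and similar)
  #include <abstractions/base>

  # POSIX capabilities the confined process may use.
  # Any capability not listed here is refused, even if the process runs as root.
  capability net_bind_service,   # bind to ports below 1024
  capability setuid,             # drop privileges after start-up
  capability setgid,

  # Network access: TCP over IPv4 only
  network inet stream,

  # File access rules: r = read, w = write, k = lock
  /etc/exampled/** r,
  /var/log/exampled/*.log w,
  /run/exampled.pid rwk,

  # Explicit deny, which takes precedence over any allow rule
  deny /etc/shadow r,
}
```

Once the profile is loaded in enforce mode, anything it does not list is refused. The capability lines are what tie the profile to POSIX capabilities: the process needs a capability both from the kernel's normal permission checks and from its profile before it can use it.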