Core concepts

AppArmor is a Linux Security Module (LSM), a special extension for the Linux kernel. AppArmor is a mandatory access control (MAC) mechanism, which means that AppArmor can restrict any application's behavior based on a security policy defined specifically for that application.

If an application has a security policy defined, it is considered confined.

The MAC approach to security contrasts with the traditional discretionary access control (DAC) Unix/Linux permission system. DAC defines a subject (owner, group, and other) and the broad permissions the subject has (read, write, execute, setuid, setgid, and sticky).

AppArmor does not override or conflict with DAC security; it allows a more granular refinement of permissions on top of it.

AppArmor profile

A profile is a set of rules for an application that defines what the application is allowed to do. Profiles are written in a human-readable language as text files and can be attached to a specific application automatically.

When a profile is used by the kernel to confine applications, this is commonly referred to as loading a profile.

AppArmor policy

A policy is a set of one or more profiles, along with additional files such as abstractions or tunables, that define the security model of the system. Once profiles are compiled as one policy and loaded into the kernel, the kernel enforces the policy on applications.
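To make the "AppArmor profile" and "AppArmor policy" sections above concrete, here is a minimal profile in the AppArmor policy language. It is an added illustration written for this page, not a profile shipped by the AppArmor project; the application path `/usr/local/bin/example-app` and its configuration and log directories are assumed for the example. It shows the two policy building blocks the text names, a tunable (`tunables/global`) and an abstraction (`abstractions/base`), together with the per-application rules that define what the confined program may do.

```apparmor
# Added example profile, not from the original page.
# Assumed application path: /usr/local/bin/example-app

# Policy ABI the profile is written against.
abi <abi/3.0>,

# Tunables: shared variables such as @{HOME} used by many profiles.
include <tunables/global>

# The profile is attached to the executable at this path.
/usr/local/bin/example-app {
  # Abstraction: common rules (libc, locale, /dev/null, ...) shared across profiles.
  include <abstractions/base>

  # The program may map its own binary for execution and read it.
  /usr/local/bin/example-app mr,

  # Read-only access to its configuration tree (assumed path).
  /etc/example-app/** r,

  # Write access to its own log files only (assumed path).
  /var/log/example-app/*.log w,

  # Explicitly deny access to user home directories, even if an
  # included abstraction would otherwise allow it.
  deny @{HOME}/** rwx,
}
```

Profiles such as this live as text files under `/etc/apparmor.d/`; `apparmor_parser -r <profile-file>` compiles and (re)loads one into the kernel, and `aa-status` reports which profiles are loaded and which processes are confined by them. Rules that are not granted are denied, so the `deny` rule here mainly serves to document intent and to win over any broader permission an abstraction might grant.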