Author: Nibaldo González (nibgonz@gmail.com)
AppArmor profiles for:
- Bluetooth Daemon
- Brave
- Chromium
- Firefox
- Gwenview
- KTorrent (not tested in latest versions!)
- mpv
- Okular
- Opera (not tested in latest versions!)
- qBittorrent
- Thunderbird
- Vivaldi
- youtube-dl (extra)
NOTE: The profiles in the extra folder are not tested frequently!
These are designed to work on KDE Plasma 5. All profiles have been tested on Ubuntu 18.04 & 16.04, with KDE Plasma 5.
If you use Ubuntu, please install the apparmor-utils package.
-
Some profiles require you to review the location of the downloads and desktop directories. By default it is used:
- Downloads Directory:
@{HOME}/Descargas/ - Desktop Directory:
@{HOME}/Escritorio/
- Downloads Directory:
-
The profiles of KTorrent and qBittorrent use the directory
@{HOME}/Descargas/Torrents/to save the downloads. You must modify this according to your configuration. -
Check the location of the Telegram executable. The profile uses:
/home/*/.app/Telegram/{Telegram,Updater}. NOTE: The Telegram profile is unmaintained; for sandbox, use the Flatpak or Snap package.
-
Copy the files in:
/etc/apparmor.d/Please do so with great caution!
-
To enable a profile, in enforcing mode, use the following command:
sudo aa-enforce /etc/apparmor.d/usr.bin.profile- For example, you can use:
sudo aa-enforce /etc/apparmor.d/usr.bin.*
sudo aa-enforce /etc/apparmor.d/home.*
sudo aa-enforce /etc/apparmor.d/usr.lib.bluetooth.bluetoothd- If you need to reload a profile:
sudo apparmor_parser -r /etc/apparmor.d/usr.bin.profile- For profile in compliant mode:
sudo aa-complain /etc/apparmor.d/usr.bin.profile- NOTE:
-
In Ubuntu, you need to install the
apparmor-utilspackage to use theaa-enforceandaa-complaincommands. -
It is also enough to restart the computer to enable the profiles.
-
- View profiles status:
sudo apparmor_status