I think AppArmor is a great tool to add an additional layer of security without much effort. While it is normally easy to create a profile for a simple server program it is much more complex in case of desktop applications.

The most vulnerable desktop application is the browser so it would be great to have an AppArmor profile for it.

There is/was already an AppArmor profile for Chromium on Ubuntu but this at least didn't work in the past on openSUSE so will try to adapt it accordingly or create a new one.


Comments

  • cboltz
    over 3 years ago by cboltz | Reply

    If you need help on the AppArmor side, feel free to ask me. I don't use chromium, but I can translate audit.log to a profile (using aa-logprof or, if needed, manually ;-)

Similar Projects

Get rid of perl-apparmor by goldwynr

Perl-apparmor is obsolete in the apparmor commu...


rewrite YaST2 AppArmor by cboltz

The YaST2 AppArmor module is still based on the...