apparmor-profile-everything

apparmor-profile-everything is an AppArmor policy to confine all user space processes on the system. This allows users to enforce a strong security model and follow the principle of least privilege. An AppArmor policy for init and systemd is loaded in the initramfs, which then applies to all other processes. Specific policies for many system services/applications are also enforced.
Planned replacement: apparmor.d
Deprecated
apparmor-profile-everything is deprecated!
It might be replaced by apparmor.d, see:
- https://github.com/roddhjav/apparmor.d/issues/252
- https://forums.whonix.org/t/apparmor-d-full-set-of-apparmor-profiles-1500-profiles/17389
- https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/481
Design
Note: apparmor-profile-everything is still in development and breakage is likely. It is currently only recommended for developers.
This full system AppArmor policy imitates design ideas that are already present in other operating systems such as Android and attempts to make something similar available on desktop Linux.
In addition to locking down user space, this also protects the kernel as it restricts access to kernel interfaces like /proc or /sys, thereby making kernel pointer and other leaks much less likely. However, this does not and cannot confine the kernel or initramfs.
This AppArmor policy is expected to be used in combination with other security technologies such as a hardened kernel, strong sandboxing architecture, verified boot and so on.
apparmor-profile-everything supports different boot modes: aadebug and superroot. aadebug allows certain permissions necessary for advanced debugging and superroot relaxes the policy substantially, even making bypasses possible. It is highly recommended to stick to the default boot mode.
It also contains a wrapper to restrict apt, as apt requires permissions that may be abused to circumvent the policy. When updating or installing applications, the rapt command must be used.
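To check how close a running system comes to the goal described above (every user space process confined, the kernel excluded), the following added example, which is not part of apparmor-profile-everything, reads each process's AppArmor label from /proc/<pid>/attr/current and lists user space processes that are unconfined or not in enforce mode. The profile names and process data in SAMPLE are constructed, and the script assumes AppArmor is the active LSM.

```python
import os, re, tempfile

PF_KTHREAD = 0x00200000  # kernel-thread bit in the flags field of /proc/<pid>/stat
LABEL_RE = re.compile(r"^(?P<profile>.+?)(?: \((?P<mode>[a-z]+)\))?$")

SAMPLE = {  # constructed data: pid -> (stat line, attr/current label)
    1: ("1 (systemd) S 0 1 1 0 -1 4194560 0", "init-systemd (enforce)"),
    2: ("2 (kthreadd) S 0 0 0 0 -1 2129984 0", "unconfined"),
    812: ("812 (Web Content) S 1 812 812 0 -1 4194304 0", "unconfined"),
    900: ("900 (cupsd) S 1 900 900 0 -1 4194560 0", "/usr/sbin/cupsd (complain)"),
}

def make_sample_proc():
    """Write SAMPLE into a temporary directory laid out like /proc."""
    root = tempfile.mkdtemp()
    for pid, (stat, label) in SAMPLE.items():
        os.makedirs(f"{root}/{pid}/attr")
        for name, text in (("stat", stat), ("attr/current", label)):
            with open(f"{root}/{pid}/{name}", "w") as f:
                f.write(text + "\n")
    return root

def read(path):
    try:
        with open(path, errors="replace") as f:
            return f.read().strip("\x00\n ")
    except OSError:
        return None  # process exited, or the file is not readable

def audit(proc_root="/proc"):
    """Return {pid: (comm, reason)} for user space processes not in enforce mode."""
    findings = {}
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, entry)
        stat, label = read(base + "/stat"), read(base + "/attr/current")
        if not stat or label is None:
            continue
        # comm may contain spaces or ')', so split on the last ')'
        fields = stat.rsplit(")", 1)[1].split()
        if int(fields[6]) & PF_KTHREAD:
            continue  # kernel threads are outside the policy's scope
        comm = stat[stat.index("(") + 1 : stat.rindex(")")]
        m = LABEL_RE.match(label)
        profile, mode = (m.group("profile"), m.group("mode")) if m else (label, None)
        if label == "unconfined":
            findings[int(entry)] = (comm, "unconfined")
        elif mode != "enforce":
            findings[int(entry)] = (comm, f"{profile} in {mode or 'unknown'} mode")
    return findings
```

Run `audit()` as root against the real /proc; an empty result means every visible user space process carries an enforcing profile.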
Platform Support
apparmor-profile-everything is currently broken in Kicksecure for Qubes. madaidan developed it for non-Qubes environments.
Nobody is working on Kicksecure-Qubes support at present, see: Qubes-Whonix Security Disadvantages - Help Wanted!
References
- https://github.com/roddhjav/apparmor.d
- https://forums.whonix.org/t/using-apparmor-profile-everything-on-debian-buster/8650
- https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339

