AppArmor is a Linux kernel extension that supplements the normal access control system. It can restrict specific processes from accessing files and other system resources. When properly configured, it can protect the system from internal or external threats. By restricting vulnerable processes, AppArmor mitigates the damage security vulnerabilities can cause.

By default, AppArmor doesn’t do very much, running silently in the background. Currently, it is only accessible through the command-line, and requires some specialized knowledge to configure.

The AppAnvil project aims to create an intuitive graphical interface for monitoring and configuring AppArmor. In particular, we want it to be easy to monitor and deploy profiles, change a profile’s permissions, and to parse system logs. This would also make it easier for users to modify the confinement of snap packages.