Building the Largest Working Set of AppArmor Profiles

Explore the development of the largest working set of AppArmor profiles in this conference talk. Discover how the apparmor.d project aims to provide a comprehensive set of profiles for major Linux distributions, including Debian, Ubuntu, OpenSUSE, Archlinux, and Ubuntu Core. Learn about the challenges faced in creating over 1400 profiles to ensure most Linux processes remain confined. Delve into the security architecture of the profiles, the selection process for programs to confine, and the integration testing methods using Go, virtual machines, and hundreds of manually created and automatically generated tests. Gain insights into the project's tooling, documentation, and access the published profiles on GitHub.