Arch Linux SELinux and AppArmor Guide

Complete beginner-friendly guide to mandatory access control on Arch Linux, including SELinux and AppArmor configuration.

---

Table of Contents

1. AppArmor Setup
2. SELinux Setup
3. Configuration
4. Troubleshooting

---

AppArmor Setup

Install AppArmor

Install AppArmor:

# Install AppArmor
sudo pacman -S apparmor

# Enable kernel module
sudo systemctl enable apparmor
sudo systemctl start apparmor

AppArmor Status

Check status:

# Check status
sudo aa-status

# List profiles
sudo aa-status --enforced

---

SELinux Setup

Install SELinux

Install SELinux:

# Install SELinux
sudo pacman -S selinux-utils selinux-python

# Note: SELinux requires kernel support
# Usually not enabled by default on Arch

---

Configuration

AppArmor Profiles

Manage profiles:

# List profiles
sudo aa-status

# Enable profile
sudo aa-enforce /etc/apparmor.d/profile-name

# Disable profile
sudo aa-disable /etc/apparmor.d/profile-name

---

Troubleshooting

AppArmor Issues

Check logs:

# Check AppArmor logs
sudo dmesg | grep apparmor

# Check audit logs
sudo journalctl | grep apparmor

---

Summary

This guide covered AppArmor, SELinux setup, configuration, and troubleshooting.

---

Next Steps

• Arch Linux Security Configuration - Security
• Arch Linux System Hardening - Hardening
• ArchWiki AppArmor: https://wiki.archlinux.org/title/AppArmor

---

This guide is based on the ArchWiki. For the most up-to-date information, always refer to the official ArchWiki.