Linux SELinux and AppArmor Guide

Complete beginner-friendly guide to mandatory access control on Linux, covering Arch Linux, CachyOS, and other distributions including SELinux and AppArmor configuration.

---

Table of Contents

1. AppArmor Setup
2. SELinux Setup
3. Configuration
4. Troubleshooting

---

AppArmor Setup

Install AppArmor

Install AppArmor:

# Arch/CachyOS
sudo pacman -S apparmor

# Enable kernel module
sudo systemctl enable apparmor
sudo systemctl start apparmor

Debian/Ubuntu:

sudo apt install apparmor apparmor-utils

Fedora:

sudo dnf install apparmor

AppArmor Status

Check status:

# Check status
sudo aa-status

# List profiles
sudo aa-status --enforced

---

SELinux Setup

Install SELinux

Install SELinux:

# Arch/CachyOS
sudo pacman -S selinux-utils selinux-python

# Note: SELinux requires kernel support
# Usually not enabled by default on Arch

Fedora:

sudo dnf install selinux-policy-targeted

---

Configuration

AppArmor Profiles

Manage profiles:

# List profiles
sudo aa-status

# Enable profile
sudo aa-enforce /etc/apparmor.d/profile-name

# Disable profile
sudo aa-disable /etc/apparmor.d/profile-name

SELinux Configuration

Configure SELinux:

# Check status
getenforce

# Set mode
sudo setenforce enforcing

---

Troubleshooting

AppArmor Issues

Check profiles:

# Check status
sudo aa-status

# Check logs
journalctl -u apparmor

---

Summary

This guide covered mandatory access control for Arch Linux, CachyOS, and other distributions, including AppArmor and SELinux.

---

Next Steps

• Security Configuration - Security setup
• System Hardening - System hardening
• ArchWiki AppArmor: https://wiki.archlinux.org/title/AppArmor

---

This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.