Leveraging AppArmor
AppArmor controls which privileges should be granted to an application that is running on the system. This way even vulnerabilities that are yet unknown can be mitigated.
The following applications are guarded by AppArmor:
- Firefox browser
- Cups print server
- Evince pdf viewer
The following system programs are guarded by AppArmor:
- tcpdump
- haveged
- dhclient
By default, AppArmor is enabled. They registry key is system.security.apparmor