AppArmor controls which privileges should be granted to an application that is running on the system. This way even vulnerabilities that are yet unknown can be mitigated. 

The following applications are guarded by AppArmor:

  • Firefox browser
  • Cups print server
  • Evince pdf viewer

The following system programs are guarded by AppArmor:

  • tcpdump
  • haveged
  • dhclient

By default, AppArmor is enabled. They registry key is system.security.apparmor