Difficulty: Beginner
Estimated Time: 10 minutes

In this scenario, you will learn how to install and apply AppArmor profiles.

In the second step of the scenario, you will learn how to create and customise your own AppArmor profile by using Bane, a tool created by Jess Frazelle.

Bane - AppArmor Profile Generator



Upgrade Docker

curl -fsSL https://get.docker.com | bash

AppArmor Nginx Profile

cat docker-nginx

This is a profile designed for the nginx container.


Use the parser to install the profile on the machine.

sudo apparmor_parser -r -W docker-nginx

Run With Profile

Once installed, it can be assigned to a container.

docker run --security-opt apparmor=docker-nginx -d --name apparmor-nginx nginx

View Status

View the status of the AppArmor policies. Notice how nginx is in enforce mode.



Execute Into Container

docker exec -it apparmor-nginx bash

Try the following commands:

touch ~/thing
touch /bin/ps

The commands will fail because the profile blocks them.
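
To confirm from the host that the container started above is confined by docker-nginx in enforce mode, compare the profile Docker was asked to apply with the label the kernel reports for the container's init process. This is an added example, not part of the original scenario; the function names are hypothetical, and it assumes sudo is available to read /proc/<pid>/attr/current.

```bash
#!/usr/bin/env bash
# Added example: verify that a container runs under the expected AppArmor profile.

# Parse a confinement label as found in /proc/<pid>/attr/current,
# e.g. "docker-nginx (enforce)" or "unconfined".
# Prints "<profile> <mode>"; mode is "none" for an unconfined process.
parse_label() {
  local label="$1" profile mode
  case $label in
    unconfined|'')
      echo "unconfined none" ;;
    *' ('*')')
      profile=${label%' ('*}   # text before the final " ("
      mode=${label##*' ('}     # text after it, e.g. "enforce)"
      echo "$profile ${mode%')'}" ;;
    *)
      echo "$label unknown" ;;
  esac
}

# Succeed only if the label names the expected profile in enforce mode.
# A profile in complain mode logs violations but does not block them.
is_enforced() {
  [ "$(parse_label "$1")" = "$2 enforce" ]
}

# Check a running container by name against an expected profile name.
# Returns 0 if confined as expected, 1 if not, 2 if the lookup failed.
check_container() {
  local name="$1" expected="$2" requested pid label
  requested=$(docker inspect --format '{{.AppArmorProfile}}' "$name") || return 2
  pid=$(docker inspect --format '{{.State.Pid}}' "$name") || return 2
  label=$(sudo cat "/proc/$pid/attr/current") || return 2
  echo "requested=$requested kernel=$label"
  [ "$requested" = "$expected" ] && is_enforced "$label" "$expected"
}

# Usage on the scenario host:
#   check_container apparmor-nginx docker-nginx && echo "confined"
```

A container started without the --security-opt flag would report a different profile name, or unconfined if AppArmor is not applied, and the check returns non-zero.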