Well, unfortunately I don’t have installation instructions that work ^^ Gonna post them as soon as i solved the problem, but I am currently really stuck.
However, if you want to try it:
- create a new debian-12 template, let’s call it
apparmor-test - run:
sudo apt install apparmor-utils rsyslog auditd
auditd may not be needed
3. install the application you want to create a profile for
sudo apt install firefox-esr
firefox is just used as an example. it is probably better to use install the flatpak verison of firefox
4. run
sudo aa-genprof firefox
& do some things in firefox (for testing purposes, I did connect it to the internet. However, this is not advised.)
5. afterwards: hit S for scan and normally there should pop up a text asking you if you want to grant permission for xyz. However, this is not happening on my tests. If you have the same error as me, hit F afterwards. Now the - nearly empty - apparmor profile should be applied
6. run firefox - you should see that you can’t even start it because apparmor doesn’t grant any permission