Security in Manjaro?

Is Manjaro security enhanced with SE Linux or Apparmor and a firewall? Does it need installation?

1 Like

Manjaro supports AppArmor, but it’s not activated by default (at least I think so).

1 Like

SELinux is not currently supported. See SELinux: Current status in Arch Linux

Is this AppArmor, important ? Do I need it ?

thank u

In recent .iso (xfce) it seemd to be installed by default, but maybe not activated. I don’t recall. In any case install apparmor, if not installed.
Enable apparmor: systemctl enable apparmor.service

apparmor=1 security=apparmor
then update grub: sudo update-grub

Restart computer

Then check in terminal:

systemctl status apparmor

1 Like

It is enabled by default, although the amount of profiles that are enforced on a default installation is pretty close to zero.

On a fairly recent Manjaro KDE installation (in VM):

[froggy@kde ~]$ sudo aa-status
[sudo] password for froggy: 
apparmor module is loaded.
5 profiles are loaded.
5 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
[froggy@kde ~]$

apparmor is atleast prepackaged in any version with SNAP …
whether or not those profiles are very effective
(or even enabled via snapd.apparmor.service as opposed to snapd.service … well I wouldnt know as SNAPs are not my thing)

darnit @Frog :stuck_out_tongue_winking_eye:

“Security is something you configure”


It is enabled by default,

I just checked

thanks for the tipp

Firejail and netfilter will not conflict with Apparmor will it, nor each other?


I am an average Joe user but I guess you will feel much better if you consider the following:

  • install the security check tool “lynis” from the official repo and make a check of a default install of Manjaro (pretty good),
  • visit the website “Shields up!” and make all the tests there, you will also feel satisfied,
  • run a firewall like “ufw”,
  • update regularly,
  • install “firejail” and all the standard configuration profiles with “sudo firecfg” or (to avoid a possible hiccup) run just your browsers with firejail,
  • remember that you are likely behind a router with its security features.

Please keep in mind that other Linux distros without Apparmor or SELinux by default like PCLOS have (as far as I know) not reported any security disasters. I really think rolling release with tweaks like those above works quite well. Of course a level of 100% security is not available.

1 Like

Sorry for the late reply. I guess it depends on the way how your installation was made?

I installed my current system via CLI and apparmor was not enabled by default.
I enabled it as per ArchWiki.

These are the kernel parameters that enable apparmor on most installations. I guess this was done at some point by the graphical installer. Not anymore on /etc/default/grub though: