In recent .iso (xfce) it seemd to be installed by default, but maybe not activated. I don’t recall. In any case install apparmor, if not installed.
Enable apparmor: systemctl enable apparmor.service
add in grub to GRUB_CMDLINE_LINUX_DEFAULT
apparmor=1 security=apparmor
then update grub: sudo update-grub
Restart computer
Then check in terminal:
aa-enabled
systemctl status apparmor