AppArmor's experimental permissions prompting

April 17, 2026
aisecurityprivacyhardware
A broken laptop screen displayed with colorful glitch being held by a person.
Photo by Beyzanur K. on Pexels

A new layer of control lands in Ubuntu dailies

It has been reported that Ubuntu 24.10 dailies will include an experimental permissions prompting feature that leverages AppArmor to ask users for fine-grained consent when applications try to access files and resources. Think mobile-style permission prompts, but for traditional Linux desktop apps — including unmodified binaries that have never heard of permission dialogs. It’s a big idea: give people meaningful control over what each app can do, right when it tries to do it. Privacy-minded users, rejoice. Skeptics, brace yourselves.

What’s being shipped

The initial implementation is opt-in and focused on the “home” interface — your personal files. Canonical has seeded two new components: prompting-client (a Flutter-based UI that surfaces permission requests) and a desktop-security-center for managing rules. It has also been reported that changes in snapd (coming as snapd 2.65) and deeper AppArmor hooks make the magic happen. The teams behind snapd, security, and desktop have been working on this for years; this is the first public incarnation aimed at gathering real user feedback.

How it actually works

Today, snaps declare interfaces and snapd generates AppArmor profiles on install; AppArmor then allows or denies actions based on those profiles. Prompting inserts an active step: when an app with the home interface tries to access files, snapd can ask the user for a narrower permission at the moment of access. Those prompts are mediated by AppArmor at the syscall level, allegedly ensuring that every action is checked even for apps unaware of the mediation. The Security Center becomes the place to see and edit rules, and prompts will include what’s being requested and for how long.

Why it matters — and the catch

This isn’t just another desktop portal; it aims to control legacy binaries without requiring developers to change code. That’s the emotional hook: finally, your desktop can say “not today” to snoopy behavior. But questions remain. Will users be hit with too many dialogs? Can the UX balance clarity and noise? The feature is opt-in and a work in progress, so expect iteration. If it lands well, Linux desktops might get permission controls as intuitive as mobile OSes — but with the granularity power users crave. Time to try it and tell Canonical what hurts.

Sources: discourse.ubuntu.com, Lobsters