AppArmor Language Server
Full-featured language support for AppArmor profiles,
powered by apparmor-language-server.
Features
| Feature | Details |
|---|---|
| Completions | Rule keywords with snippets, all Linux capabilities, network families/types/protocols, signal names, ptrace/mount/dbus/unix permissions, file permission strings, @{variable} names, include abstraction paths, live filesystem path completion |
| Hover | Rich documentation for every keyword, capability, permission character, network family, profile flag, and variable |
| Diagnostics | Unknown capabilities, network types, signal/ptrace/mount/dbus/unix/mqueue/rlimit values; dangerous unconfined exec modes; conflicting flags; conflicting allow+deny; undefined variables; missing include/abi targets; and more — plus apparmor_parser syntax errors when available |
| Code Actions | Quick fixes for flagged diagnostics (e.g. remove unknown capability, annotate to suppress a warning) |
| Go to Definition | Jump from include <…> to the target file; jump to profile definitions |
| Formatting | Normalise indentation, sort capability and permission lists, ensure trailing commas, align consecutive file rules, wrap long rules, normalise #include → include, collapse blank lines |
| Semantic Tokens | Theme-aware syntax highlighting for rule keywords, qualifiers, paths, permissions, variables, and more |
| Document Symbols | Outline view showing all profiles, hats, capabilities, file rules, includes and variables |
| Folding | Collapse profile, hat, if, and qualifier blocks |
| References | Find all uses of a variable across open documents |
| Rename | Rename a variable (@{VAR}) across all open documents |
| Selection Range | Expand selection from rule → block → profile on each keypress |
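To make two of the diagnostics listed above concrete (unconfined exec modes and conflicting allow+deny), here is a simplified checker added as an illustration; it is not the server's own code. The sample profile, the names `lint` and `RULE`, and the finding labels are constructed, and paths are compared literally without evaluating globs or variables.

```python
import re

# Constructed sample profile for illustration (not taken from the project).
SAMPLE_PROFILE = """\
profile demo /usr/bin/demo {
  /usr/bin/helper Ux,
  /usr/lib/demo/* mrix,
  /bin/sh pux,
  /etc/demo.conf r,
  deny /etc/demo.conf r,
  /var/log/demo.log w,
  deny /var/log/demo.log x,
}
"""

# Simplified file rule: [deny] [file] <path> <perms> [-> target],
RULE = re.compile(
    r"^\s*(?P<deny>deny\s+)?(?:file\s+)?(?P<path>[/@]\S*)\s+"
    r"(?P<perms>[A-Za-z]+)\s*(?:->\s*\S+\s*)?,"
)


def lint(profile_text):
    """Return sorted (line, finding, path) tuples for two hypothetical checks."""
    findings, allowed, denied = [], {}, {}
    for lineno, line in enumerate(profile_text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue  # not a path-first file rule (profile header, brace, ...)
        path, perms = m["path"], m["perms"]
        # ux/Ux and the pux/PUx/cux/CUx fallbacks can run the target unconfined.
        if not m["deny"] and re.search(r"[uU]x", perms):
            findings.append((lineno, "unconfined-exec", path))
        # Reduce the permission string to its access letters for comparison.
        access = {c for c in perms if c in "rwamklx"}
        bucket = denied if m["deny"] else allowed
        bucket.setdefault(path, []).append((lineno, access))
    # The same literal path both allowed and denied with overlapping access.
    for path, deny_rules in denied.items():
        for deny_line, deny_access in deny_rules:
            if any(deny_access & acc for _, acc in allowed.get(path, [])):
                findings.append((deny_line, "allow-deny-conflict", path))
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(SAMPLE_PROFILE):
        print(finding)
```

A `deny` rule always takes precedence over an allow rule, so the flagged `/etc/demo.conf r,` line grants nothing; the usual fix for the `Ux` and `pux` lines is a `Px` or `Cx` transition into a dedicated profile.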
Requirements
The extension is a client for
apparmor-language-server.
Install the server before using this extension.
Install from snap (recommended)
sudo snap install apparmor-language-server
Note: If VS Code is also installed as a snap, install from source
instead. A strictly-confined snap cannot be spawned from a
classic-confinement snap (VS Code), so the server would fail to start.
Install from PyPI (coming soon)
pip install apparmor-language-server
Install from source
git clone https://gitlab.com/apparmor/apparmor-language-server
cd apparmor-language-server
pip install .
Extension Settings
| Setting | Default | Description |
|---|---|---|
| apparmor.serverPath | "" | Explicit path to the apparmor-language-server executable. Takes precedence over all other settings. |
| apparmor.pythonPath | "" | Path to a Python interpreter that has apparmor-language-server installed. Consulted when the server is not found on PATH. |
| apparmor.diagnostics.enable | true | Enable or disable all diagnostic checks. |
| apparmor.baseDir | "" | AppArmor base directory override (e.g. /var/lib/snapd/apparmor for snap). Leave empty for the system default (/etc/apparmor). |
| apparmor.includeSearchPaths | [] | Additional directories to search when resolving include directives. |
| apparmor.parserConfigFile | "" | Path to an apparmor_parser configuration file. |
| apparmor.apparmorParserPath | "" | Path to the apparmor_parser binary for syntax validation. |
| apparmor.formatting.maxLineLength | 100 | Maximum line length before rules are wrapped. Set to 0 to disable. |
| apparmor.formatting.fileRuleStyle | node-local | Style for file rules: implicit (omit file keyword), explicit (include it), or node-local (preserve each rule's existing style). |
| apparmor.formatting.sortLists | true | Sort parenthesised permission and flag lists alphabetically. |
| apparmor.formatting.normalizeInclude | true | Rewrite legacy #include directives as include. |
| apparmor.formatting.maxBlankLines | 1 | Maximum consecutive blank lines to keep. Set to -1 to disable collapsing. |
Commands
| Command | Description |
|---|---|
| AppArmor: Restart Language Server | Stop and restart the language server (useful after changing settings or reinstalling the server). |
Language Detection
The extension activates for files under any apparmor.d/ directory
(matching the pattern **/apparmor.d/**), which covers the standard
system profile directory /etc/apparmor.d/ and snap equivalents.
For any other file (e.g. a profile with no extension outside apparmor.d/),
set the language manually: click the language indicator in the VS Code status
bar and select AppArmor.
Issues and Contributing