apparmor-profile-everything is an experimental AppArmor policy which confines all user space processes on the system. It is still currently in development and requires testing.
Install it by executing:
sudo apt-get install apparmor-profile-everything
Then reboot.
apparmor-profile-everything supports different boot modes: aadebug and superroot. aadebug allows certain permissions necessary for advanced debugging and superroot relaxes the policy substantially, even making bypasses possible. It is highly recommended to stick to the default boot mode.
It also contains a wrapper to restrict apt as apt requires permissions that may be abused to circumvent the policy. When updating or installing applications, you must use the rapt command.
Please report any issues you face while using this so they can be resolved.
See also: