diff --git a/install/dist/conf/centos52.conf.php b/install/dist/conf/centos52.conf.php
index 6dff93f65f3a609cb32111f483fdb10727efbec4..9a7e2d0cadfd8e64cbb6e411f18446812237ea9e 100644
--- a/install/dist/conf/centos52.conf.php
+++ b/install/dist/conf/centos52.conf.php
@@ -221,4 +221,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/centos53.conf.php b/install/dist/conf/centos53.conf.php
index 6dff93f65f3a609cb32111f483fdb10727efbec4..9a7e2d0cadfd8e64cbb6e411f18446812237ea9e 100644
--- a/install/dist/conf/centos53.conf.php
+++ b/install/dist/conf/centos53.conf.php
@@ -221,4 +221,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/centos70.conf.php b/install/dist/conf/centos70.conf.php
index 0465e5618a0a33e6e4dc27813b237356c275d090..efe166e0791214cc26afc6768712a14283c31c2a 100644
--- a/install/dist/conf/centos70.conf.php
+++ b/install/dist/conf/centos70.conf.php
@@ -221,4 +221,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/centos72.conf.php b/install/dist/conf/centos72.conf.php
index 8bb2ca5239875b47d37a36a7ca940517f8091b57..f4a3c937baf7e1bcb42ae5701605458e1465a2af 100644
--- a/install/dist/conf/centos72.conf.php
+++ b/install/dist/conf/centos72.conf.php
@@ -224,4 +224,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/centos80.conf.php b/install/dist/conf/centos80.conf.php
index 36e85e02d2448f6e9dba8a216eaa3561d46478cb..1a354d3644f0033739b79a8406ac9a2d188b7c41 100644
--- a/install/dist/conf/centos80.conf.php
+++ b/install/dist/conf/centos80.conf.php
@@ -224,4 +224,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/debian100.conf.php b/install/dist/conf/debian100.conf.php
index b6b0dc4135156e154a58c0793d53b4d2475b1f1d..30f483980aad9cf651d70f2ca507085ece7d2814 100644
--- a/install/dist/conf/debian100.conf.php
+++ b/install/dist/conf/debian100.conf.php
@@ -236,4 +236,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/debian110.conf.php b/install/dist/conf/debian110.conf.php
index 10f57d88a1f04af767c4b783a14095360c831b2c..ce5bda7170aae2a3db322c9dd43650d67c462ef0 100644
--- a/install/dist/conf/debian110.conf.php
+++ b/install/dist/conf/debian110.conf.php
@@ -236,4 +236,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/debian40.conf.php b/install/dist/conf/debian40.conf.php
index c04a54e998e5224e6d061937527184e18b27cc34..653b979a6735aef6823fc5a8ad0af603ec65e90c 100644
--- a/install/dist/conf/debian40.conf.php
+++ b/install/dist/conf/debian40.conf.php
@@ -229,4 +229,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/debian60.conf.php b/install/dist/conf/debian60.conf.php
index e7c8f59845f5cf4b957c5c5fc791f61990ce493f..3577869bcd908616b54c7d4eb67756e01008f526 100644
--- a/install/dist/conf/debian60.conf.php
+++ b/install/dist/conf/debian60.conf.php
@@ -232,4 +232,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/debian90.conf.php b/install/dist/conf/debian90.conf.php
index b253a31f227c67e02c38e7289f70bb17a168cfa8..1abbf732a1201da6d2ef036bc5c60f8affdb7d83 100644
--- a/install/dist/conf/debian90.conf.php
+++ b/install/dist/conf/debian90.conf.php
@@ -236,4 +236,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/debiantesting.conf.php b/install/dist/conf/debiantesting.conf.php
index 3a06dfb86b5f2a310dcebe0b56469e295002dd6c..6564be0dab1be4dc5924ce9157a15496459b65c5 100644
--- a/install/dist/conf/debiantesting.conf.php
+++ b/install/dist/conf/debiantesting.conf.php
@@ -236,4 +236,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/fedora32.conf.php b/install/dist/conf/fedora32.conf.php
index 6701bb8729f66efaf198deed3b2037bc15475049..0280959988e0a2a8ef4ad57d354580dd350aba17 100644
--- a/install/dist/conf/fedora32.conf.php
+++ b/install/dist/conf/fedora32.conf.php
@@ -226,4 +226,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/fedora33.conf.php b/install/dist/conf/fedora33.conf.php
index 873376fa2cc5ddfbb1dcb63a360040083f196d32..677731c01e20c4c184218777e3c6e55f1b303b5e 100644
--- a/install/dist/conf/fedora33.conf.php
+++ b/install/dist/conf/fedora33.conf.php
@@ -226,4 +226,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/fedora9.conf.php b/install/dist/conf/fedora9.conf.php
index 23453ae48fc5fea77fbd965a8d57d28cafd49032..c05d21a155ee3545dafab4fb647b62d81bada6d8 100644
--- a/install/dist/conf/fedora9.conf.php
+++ b/install/dist/conf/fedora9.conf.php
@@ -221,4 +221,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/gentoo.conf.php b/install/dist/conf/gentoo.conf.php
index 23558a164d7f11a2bea85d20833052481da06a85..057d397796d931fe54a7a962227be66fe03a95e0 100644
--- a/install/dist/conf/gentoo.conf.php
+++ b/install/dist/conf/gentoo.conf.php
@@ -238,4 +238,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/opensuse110.conf.php b/install/dist/conf/opensuse110.conf.php
index 37f5a14d3b8e28f8517ac42e07690c8197480cb3..ac4f5a3e1850cf708199050e80d8c2bbdee2916d 100644
--- a/install/dist/conf/opensuse110.conf.php
+++ b/install/dist/conf/opensuse110.conf.php
@@ -221,4 +221,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';;
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/opensuse112.conf.php b/install/dist/conf/opensuse112.conf.php
index 378320a144eb645262d39e645a1e994d7d2823d7..eda4879004b23af81d6c9db6127b6c1b94697ba6 100644
--- a/install/dist/conf/opensuse112.conf.php
+++ b/install/dist/conf/opensuse112.conf.php
@@ -221,4 +221,7 @@ $conf['cron']['wget'] = '/usr/bin/wget';
 //* OpenVZ
 $conf['openvz']['installed'] = false;
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/ubuntu1604.conf.php b/install/dist/conf/ubuntu1604.conf.php
index bd8d0bcd1cbb794cbd1ea39cdb4591328517738b..1893a93fbf09516e25b3e2cc0f2cbc6f22f7c187 100644
--- a/install/dist/conf/ubuntu1604.conf.php
+++ b/install/dist/conf/ubuntu1604.conf.php
@@ -232,4 +232,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/ubuntu1710.conf.php b/install/dist/conf/ubuntu1710.conf.php
index d3653885492dc3d3ae2ded30eef5815ab65065af..b37c91291f2182fd4cc7b506f4b657cc8c3608fd 100644
--- a/install/dist/conf/ubuntu1710.conf.php
+++ b/install/dist/conf/ubuntu1710.conf.php
@@ -232,4 +232,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/ubuntu1804.conf.php b/install/dist/conf/ubuntu1804.conf.php
index fa96f7a5cabf6b691a9d335691744578a699678e..9c2721141329f762368f14003efd67243b6f3c14 100644
--- a/install/dist/conf/ubuntu1804.conf.php
+++ b/install/dist/conf/ubuntu1804.conf.php
@@ -232,4 +232,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/dist/conf/ubuntu2004.conf.php b/install/dist/conf/ubuntu2004.conf.php
index 28d4bf3c140e2dad91a04087a0959b2b07f422a5..72bf90d45eefb06f65a54ff05c28057f4e5c12f7 100644
--- a/install/dist/conf/ubuntu2004.conf.php
+++ b/install/dist/conf/ubuntu2004.conf.php
@@ -232,4 +232,7 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';
+// AppArmor
+$conf['apparmor']['installed'] = false;
+
 ?>
diff --git a/install/install.php b/install/install.php
index b94c1c7f6f78346b3b63ddb4583c766b2d47d7b3..9cc6bb5fa7db8127355fa62711428fe6bd4fbde3 100644
--- a/install/install.php
+++ b/install/install.php
@@ -500,6 +500,12 @@ if($force) {
 swriteln('Configuring OpenVZ');
 }
+// Configure AppArmor
+if($conf['apparmor']['installed']){
+ swriteln('Configuring AppArmor');
+ $inst->configure_apparmor();
+}
+
 if($install_mode == 'standard' || strtolower($inst->simple_query('Configure Firewall Server', array('y', 'n'), 'y','configure_firewall')) == 'y') {
 //* Check for Firewall
 if(!$conf['ufw']['installed'] && !$conf['firewall']['installed']) {
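Review bot: The new block in install.php calls `$inst->configure_apparmor()` whenever `$conf['apparmor']['installed']` is true, although that method only writes the local override for the named profile, so it also runs on hosts where BIND is not installed. Gate it on the DNS server as well, e.g. `if($conf['apparmor']['installed'] && $conf['bind']['installed']){`. The same unconditional call is added in the update.php hunk, apparently inside the reconfigure-services branch, so it repeats on each reconfiguration. The flag is set from `is_installed('apparmor_status')` in installer_base.lib.php, which shows that the tool is present rather than that AppArmor is enforcing a named profile; a comment such as `// tool present; does not prove a named profile is loaded` next to the detection line would make that limit explicit.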
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index dc45f209b4051066c204a5e8e1532051fcdb9643..bb5fd5d409362d4a85d61a17626d57fb1b7bfb5c 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -226,6 +226,7 @@ class installer_base {
 if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true;
 if(is_installed('squid')) $conf['squid']['installed'] = true;
 if(is_installed('nginx')) $conf['nginx']['installed'] = true;
+ if(is_installed('apparmor_status')) $conf['apparmor']['installed'] = true;
 if(is_installed('iptables') && is_installed('ufw')) {
 $conf['ufw']['installed'] = true;
 } elseif(is_installed('iptables')) {
@@ -2478,6 +2479,13 @@ class installer_base {
 exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
 }
+ public function configure_apparmor() {
+ $configfile = 'apparmor_usr.sbin.named';
+ if(is_file('/etc/apparmor.d/local/usr.sbin.named')) copy('/etc/apparmor.d/local/usr.sbin.named', '/etc/apparmor.d/local/usr.sbin.named~');
+ $content = rf("tpl/".$configfile.".master");
+ wf('/etc/apparmor.d/local/usr.sbin.named', $content);
+ }
+
 public function configure_ufw_firewall() {
 if($this->is_update == false) {
diff --git a/install/tpl/apparmor_usr.sbin.named b/install/tpl/apparmor_usr.sbin.named
new file mode 100644
index 0000000000000000000000000000000000000000..38a30ffc875e1447001523efbcd42192fdb6082a
--- /dev/null
+++ b/install/tpl/apparmor_usr.sbin.named
@@ -0,0 +1,2 @@
+/etc/bind/slave/** lrw,
+/etc/bind/slave/ rw,
diff --git a/install/update.php b/install/update.php
index ef2e1fcfe306e4706634f525e4cce319bae0cbee..56316546ac34ae3bdf568c1c3554e35cbd2f59d3 100644
--- a/install/update.php
+++ b/install/update.php
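Review bot: `configure_apparmor()` reads `tpl/apparmor_usr.sbin.named.master`, but this commit adds the template as `install/tpl/apparmor_usr.sbin.named` without the `.master` suffix, so unless the file is renamed `rf()` presumably returns nothing and `wf()` then replaces `/etc/apparmor.d/local/usr.sbin.named` with an empty file. That path is the administrator's local override for the named profile, and the `~` backup is rewritten on every run, so a second run loses whatever was there originally. The method, which lies entirely inside this hunk, should read the template under the name it ships with (or the template should be renamed), skip the write when the content is empty, and keep the first backup. Nothing visible here reloads the profile afterwards, so the rules may not take effect until AppArmor is reloaded; whether that happens elsewhere cannot be seen from this hunk.

```php
public function configure_apparmor() {
	$configfile = 'apparmor_usr.sbin.named';
	$target = '/etc/apparmor.d/local/usr.sbin.named';

	// The template is added by this commit as tpl/apparmor_usr.sbin.named (no .master suffix).
	$content = rf('tpl/'.$configfile);

	// Never replace the administrator's local overrides with an empty or unreadable template.
	if(trim((string)$content) == '') return;

	// Keep the first backup so a repeated run cannot overwrite the original file.
	if(is_file($target) && !is_file($target.'~')) copy($target, $target.'~');

	wf($target, $content);
}
```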
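Review bot: The two rules in the new template carry no comment saying why named needs write and link access under `/etc/bind/slave/`, and the path is fixed to one layout although the installer is driven by the per-distribution conf files touched in this same commit. Since this file widens what a network-facing daemon may write, add a leading comment such as `# ISPConfig: named stores transferred secondary zones in this directory`. It is also worth confirming that the `l` (link) permission in `lrw` is actually required, and dropping it if `rw` is enough. On systems whose BIND keeps secondary zones elsewhere the rules grant nothing useful, so the path would better come from the installer configuration if such a setting exists.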
@@ -512,6 +512,12 @@ if($reconfigure_services_answer == 'yes' || $reconfigure_services_answer == 'sel
 $inst->configure_xmpp('dont-create-certs');
 }
+ // Configure AppArmor
+ if($conf['apparmor']['installed']){
+ swriteln('Configuring AppArmor');
+ $inst->configure_apparmor();
+ }
+
 if($conf['services']['firewall'] && $inst->reconfigure_app('Firewall', $reconfigure_services_answer)) {
 if($conf['ufw']['installed'] == true) {
 //* Configure Ubuntu Firewall