diff --git a/modules/module-list.nix b/modules/module-list.nix
index 1e5ec300df5..0b139c95141 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -47,6 +47,7 @@
 ./programs/ssmtp.nix
 ./programs/wvdial.nix
 ./rename.nix
+ ./security/apparmor.nix
 ./security/ca.nix
 ./security/consolekit.nix
 ./security/pam.nix
diff --git a/modules/security/apparmor.nix b/modules/security/apparmor.nix
new file mode 100644
index 00000000000..2e273bf5343
--- /dev/null
+++ b/modules/security/apparmor.nix
@@ -0,0 +1,52 @@
+{pkgs, config, ...}:
+let
+ cfg = config.security.apparmor;
+in
+with pkgs.lib;
+{
+
+ ###### interface
+
+ options = {
+
+ security.apparmor = {
+
+ enable = mkOption {
+ default = false;
+ description = ''
+ Enable AppArmor application security system
+ '';
+ };
+
+ profiles = mkOption {
+ default = [];
+ merge = mergeListOption;
+ description = ''
+ List of file names of AppArmor profiles.
+ '';
+ };
+
+ };
+ };
+
+
+ ###### implementation
+
+ config = mkIf (cfg.enable) {
+
+ jobs.apparmor =
+ { startOn = "startup";
+
+ path = [ pkgs.apparmor ];
+
+ preStart = concatMapStrings (profile: ''
+ apparmor_parser -Kv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}"
+ '') cfg.profiles;
+
+ postStop = ''
+ '';
+ };
+
+ };
+
+ }
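Review bot: Nothing in the preStart script checks that the running kernel actually has AppArmor enabled, so `security.apparmor.enable = true` can leave every listed profile unloaded while the option name suggests confinement is in place. I would guard the loop with `test -d /sys/kernel/security/apparmor || { echo "AppArmor is not enabled in the running kernel" >&2; exit 1; }` so the job fails loudly instead of silently providing no enforcement. apparmor_parser is also invoked with its default add action, which as far as I recall refuses profiles that are already loaded, so a job restart or a re-applied configuration would fail; `apparmor_parser -rKv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}"` (replace) is idempotent. If the generated per-profile commands are not executed under `set -e`, a profile that fails to parse is skipped without failing the job, which is worth verifying against how jobs.* scripts are run. The empty postStop means stopping the job leaves the profiles loaded in the kernel, which is probably intended but deserves a comment saying so.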