diff --git a/hosts/thinkpad/apparmor.nix b/hosts/thinkpad/apparmor.nix
new file mode 100644
index 0000000..dd96254
--- /dev/null
+++ b/hosts/thinkpad/apparmor.nix
@@ -0,0 +1,5 @@
+{ ... }:
+{
+  security.apparmor.enable = true;
+  security.apparmor.killUnconfinedConfinables = true;
+}
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 60c9b95..f61a1b8 100644
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -10,6 +10,7 @@
     [ (import ./kernel.nix) ] ++
     [ (import ./auditd.nix) ] ++
     [ (import ./openssh.nix) ] ++
+    [ (import ./apparmor.nix) ] ++
     [ (import ../../modules/desktop/hyprland/default.nix) ]; # Window Manager
 
   hardware.sane = {