AppArmor : Enable / Disable AppArmor2025/08/17 |
|
This is the Basic Usage and Configuration for AppArmor (Application Armor). It's possible to use MAC (Mandatory Access Control) feature on Ubuntu for various resources by AppArmor. |
|
| [1] | Display the current status of AppArmor to use AppArmor. (Follow is the status of default settings after installing Ubuntu) |
|
# show status # 13 profiles are loaded in [enforce] mode root@dlp:~# aa-status apparmor module is loaded. 105 profiles are loaded. 6 profiles are in enforce mode. /usr/bin/man lsb_release man_filter man_groff nvidia_modprobe nvidia_modprobe//kmod 23 profiles are in complain mode. Xorg plasmashell plasmashell//QtWebEngineProcess sbuild sbuild-abort sbuild-adduser sbuild-apt sbuild-checkpackages sbuild-clean ..... ..... # configuration files of each profile are under the directory below root@dlp:~# ll /etc/apparmor.d total 416 -rw-r--r-- 1 root root 354 Apr 11 00:06 1password drwxr-xr-x 2 root root 4096 Aug 10 16:17 abi drwxr-xr-x 4 root root 4096 Aug 10 16:17 abstractions -rw-r--r-- 1 root root 374 Apr 11 00:06 balena-etcher -rw-r--r-- 1 root root 348 Apr 11 00:06 brave -rw-r--r-- 1 root root 342 Apr 11 00:06 buildah -rw-r--r-- 1 root root 342 Apr 11 00:06 busybox -rw-r--r-- 1 root root 330 Apr 11 00:06 cam -rw-r--r-- 1 root root 351 Apr 11 00:06 ch-checkns -rw-r--r-- 1 root root 349 Apr 11 00:06 chrome ..... ..... |
| [2] | If you'd like to disable AppArmor itself, configure like follows. |
|
# unload current all loaded profiles root@dlp:~# aa-teardown Unloading AppArmor profiles
root@dlp:~#
aa-status apparmor module is loaded. # disable loading profiles when system booting root@dlp:~# systemctl disable apparmor Synchronizing state of apparmor.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install disable apparmor Removed /etc/systemd/system/sysinit.target.wants/apparmor.service. |
| Sponsored Link |
|
|