To disable AppArmor in the kernel to either:
- adjust your kernel boot command line (see /etc/default/grub) to include either.
- * 'apparmor=0'
- * 'security=XXX' where XXX can be "" to disable AppArmor or an alternative LSM name, eg. 'security="selinux"'
- remove the apparmor package with your package manager.
- Should you disable AppArmor?
- What is AppArmor service?
- What is AppArmor complain mode?
- How do I reset AppArmor?
Should you disable AppArmor?
AppArmor has the ability to disable specific profiles rather than simply turning it on or off, yet I've seen people in IRC and forums advise others to disable AppArmor completely. This is totally misguided and YOU SHOULD NEVER DISABLE APPARMOR ENTIRELY to work around a profiling problem.
What is AppArmor service?
AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths.
What is AppArmor complain mode?
In complain mode, AppArmor allows applications to take restricted actions and creates a log entry complaining about this. Complain mode is ideal for testing an AppArmor profile before enabling it in enforce mode – you'll see any errors that would occur in enforce mode.
How do I reset AppArmor?
- Task: Stop Apparmor. Type the following command: ## debian/ubuntu sudo /etc/init.d/apparmor stop ## Suse /etc/init.d/boot.apparmor stop.
- Task: Start Apparmor. Type the following command: ...
- Task: Restart Apparmor. Type the following command: ...
- Task: See the current Apparmor status. Type the following command: