{"id":2517,"date":"2023-03-22T14:44:34","date_gmt":"2023-03-22T06:44:34","guid":{"rendered":"http:\/\/nick.txtcc.com\/?p=2517"},"modified":"2023-03-22T14:54:55","modified_gmt":"2023-03-22T06:54:55","slug":"enable-disable-apparmor","status":"publish","type":"post","link":"http:\/\/nick.txtcc.com\/index.php\/linux\/2517","title":{"rendered":"Enable \/ Disable AppArmor"},"content":{"rendered":"<table class=\"base\" summary=\"1\">\n<tbody>\n<tr>\n<td class=\"num\">[1]<\/td>\n<td>Display thye current status of AppArmor to use AppArmor.\n(Follow is the status of default settings after installing Ubuntu)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<table class=\"term\" summary=\"1-1\">\n<tbody>\n<tr>\n<td>\n<div class=\"color2\"># show status\n# 13 profiles are loaded in [enforce] mode<\/div>\nroot@dlp:~#\n<div class=\"color1\">aa-status<\/div>\n<pre>apparmor module is loaded.\n13 profiles are loaded.\n13 profiles are in enforce mode.\n   \/usr\/bin\/man\n   \/usr\/lib\/NetworkManager\/nm-dhcp-client.action\n   \/usr\/lib\/NetworkManager\/nm-dhcp-helper\n   \/usr\/lib\/connman\/scripts\/dhclient-script\n   \/usr\/lib\/snapd\/snap-confine\n   \/usr\/lib\/snapd\/snap-confine\/\/mount-namespace-capture-helper\n   \/{,usr\/}sbin\/dhclient\n   lsb_release\n   man_filter\n   man_groff\n   nvidia_modprobe\n   nvidia_modprobe\/\/kmod\n   tcpdump\n0 profiles are in complain mode.\n0 profiles are in kill mode.\n0 profiles are in unconfined mode.\n0 processes have profiles defined.\n0 processes are in enforce mode.\n0 processes are in complain mode.\n0 processes are unconfined but have a profile defined.\n0 processes are in mixed mode.\n0 processes are in kill mode.\n\n<\/pre>\n<div class=\"color2\"># configration files of each profile are under the directory below<\/div>\nroot@dlp:~#\n<div class=\"color1\"><a href=\"https:\/\/www.server-world.info\/en\/command\/html\/ls.html\">ll<\/a>\u00a0\/etc\/apparmor.d<\/div>\n<pre>total 92\ndrwxr-xr-x  8 root root  4096 Dec  8 10:33 .\/\ndrwxr-xr-x 97 root root  4096 Dec 15 11:14 ..\/\ndrwxr-xr-x  2 root root  4096 Sep 19 12:51 abi\/\ndrwxr-xr-x  4 root root 12288 Sep 19 12:51 abstractions\/\ndrwxr-xr-x  2 root root  4096 Apr 21  2022 disable\/\ndrwxr-xr-x  2 root root  4096 Mar 10  2022 force-complain\/\ndrwxr-xr-x  2 root root  4096 Sep 19 12:51 local\/\n-rw-r--r--  1 root root  1339 Mar 10  2022 lsb_release\n-rw-r--r--  1 root root  1189 Mar 10  2022 nvidia_modprobe\n-rw-r--r--  1 root root  3461 Jul 19 16:54 sbin.dhclient\ndrwxr-xr-x  5 root root  4096 Sep 19 12:51 tunables\/\n-rw-r--r--  1 root root  3448 Mar 18  2022 usr.bin.man\n-rw-r--r--  1 root root  1421 Jun 21  2021 usr.bin.tcpdump\n-rw-r--r--  1 root root 28486 Nov 28 13:53 usr.lib.snapd.snap-confine.real\n-rw-r--r--  1 root root  1592 Nov 16  2021 usr.sbin.rsyslogd\n<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<table class=\"base\" summary=\"2\">\n<tbody>\n<tr>\n<td class=\"num\">[2]<\/td>\n<td>If you&#8217;d like to disable AppArmor itself, configure like follows.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<table class=\"term\" summary=\"2-1\">\n<tbody>\n<tr>\n<td>\n<div class=\"block\">\n<div class=\"color2\"># unload current all loaded profiles<\/div>\nroot@dlp:~#\n<div class=\"color1\">aa-teardown<\/div>\nUnloading AppArmor profiles<\/div>\n<div class=\"block\">root@dlp:~#\n<div class=\"color1\">aa-status<\/div>\napparmor module is loaded.<\/div>\n<div class=\"color2\"># disable loading profiles when system booting<\/div>\nroot@dlp:~#\n<div class=\"color1\"><a href=\"https:\/\/www.server-world.info\/en\/command\/html\/systemctl.html\">systemctl<\/a>\u00a0disable apparmor<\/div>\nSynchronizing state of apparmor.service with SysV service script with \/lib\/systemd\/systemd-sysv-install.\nExecuting: \/lib\/systemd\/systemd-sysv-install disable apparmor\nRemoved \/etc\/systemd\/system\/sysinit.target.wants\/apparmor.service.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>","protected":false},"excerpt":{"rendered":"<p>[1] Display thye current status of AppArmor to use AppArmor. (Follow is the status of default settin&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2517","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/2517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/comments?post=2517"}],"version-history":[{"count":1,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/2517\/revisions"}],"predecessor-version":[{"id":2518,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/2517\/revisions\/2518"}],"wp:attachment":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/media?parent=2517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/categories?post=2517"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/tags?post=2517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}