
Disable AppArmor in Ubuntu 16.04 LTS?

AppArmor is a kernel enhancement to confine programs to a limited set of resources. AppArmor's unique security model is to bind access control attributes to programs rather than to users.
AppArmor confinement is provided via profiles loaded into the kernel by apparmor_parser, typically through the /etc/init.d/apparmor SysV initscript (on Ubuntu; see the links below for details), which is used like this:
# /etc/init.d/apparmor start
# /etc/init.d/apparmor stop
# /etc/init.d/apparmor restart
# sudo apparmor_status
AppArmor profiles can operate in two modes: enforcement, and complain (also called learning):
  • enforcement - Profiles loaded in enforcement mode will result in enforcement of the policy defined in the profile as well as reporting policy violation attempts to syslogd.
  • complain - Profiles loaded in "complain" mode will not enforce policy. Instead, they will report policy violation attempts. This mode is convenient for developing profiles. To manage complain mode for individual profiles, the utilities aa-complain and aa-enforce can be used. These utilities take a program name as an argument.
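To check which loaded profiles are in which mode (for example, to confirm that a profile switched to complain mode for debugging was later returned to enforce), the kernel's profile list can be summarized. This is an added example, not code from the original page; the helper names profile_modes and sample_profiles are hypothetical, and the sample lines are constructed in the "name (mode)" format of /sys/kernel/security/apparmor/profiles.

```shell
#!/bin/sh
# Added example (not from the original page).
# profile_modes and sample_profiles are hypothetical helper names.

# Constructed sample in the "<profile name> (<mode>)" format of
# /sys/kernel/security/apparmor/profiles; not captured from a real host.
sample_profiles() {
    cat <<'EOF'
/sbin/dhclient (enforce)
/usr/sbin/tcpdump (enforce)
/usr/sbin/mysqld (complain)
/usr/lib/NetworkManager/nm-dhcp-client.action (enforce)
EOF
}

# Read a profile list on stdin. Print one summary line with counts per mode,
# then one "<mode><TAB><profile>" line for every profile not being enforced.
profile_modes() {
    awk '
        {
            # The mode is the trailing " (word)"; names may contain spaces.
            if (match($0, / \([a-z]+\)$/) == 0) { bad++; next }
            mode = substr($0, RSTART + 2, RLENGTH - 3)
            name = substr($0, 1, RSTART - 1)
            count[mode]++
            if (mode != "enforce") loose[++n] = mode "\t" name
        }
        END {
            printf "enforce=%d complain=%d other=%d unparsed=%d\n",
                count["enforce"], count["complain"],
                NR - bad - count["enforce"] - count["complain"], bad
            for (i = 1; i <= n; i++) print loose[i]
        }'
}

# On a live system (root is needed to read the file):
#   sudo cat /sys/kernel/security/apparmor/profiles | profile_modes
sample_profiles | profile_modes
```

Any profile listed after the summary line is loaded but not being enforced, so its policy violations are only logged.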
Disable AppArmor framework
Systems should not generally need to have AppArmor disabled entirely. It is highly recommended that users leave AppArmor enabled and put the problematic profile into complain mode (see above), then file a bug using the procedures found in https://wiki.ubuntu.com/DebuggingApparmor. If AppArmor must be disabled (e.g., to use SELinux instead), users can:
# sudo systemctl stop apparmor
# sudo systemctl disable apparmor
For more details:
http://manpages.ubuntu.com/manpages/xenial/en/man7/apparmor.7.html
https://help.ubuntu.com/community/AppArmor
