≡ Menu

Linux: Start / Stop / Restart Apparmor

AppArmor is a Linux Security Module (LSM) implementation of name-based mandatory access controls (MAC). How do I start / stop / restart AppArmor under Ubuntu Linux or OpenSuse / Suse Enterprise Linux server systems running on IBM hardware?

AppArmor is an effective and easy-to-use Linux application security system. AppArmor protects the Linux operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.
Tutorial details
DifficultyEasy (rss)
Root privilegesYes
RequirementsSuse/Ubuntu/Debian
Estimated completion timeN/A
AppArmor security policies completely define what system resources individual applications can access, and with what privileges. You need to use the following init.d scripts to control AppArmor:

[a] Debian/Ubuntu Linux - /etc/init.d/apparmor ( or use sudo service apparmor command).

[b] OpenSUSE / Suse Enterprise Linux - /etc/init.d/boot.apparmor

Task: Stop Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor stop
 
## Suse
/etc/init.d/boot.apparmor stop
 

Task: Start Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor start
 
## Suse
/etc/init.d/boot.apparmor start
 

Task: Restart Apparmor

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor restart
 
## Suse
/etc/init.d/boot.apparmor restart
 

Task: See the current Apparmor status

Type the following command:

## debian/ubuntu 
sudo /etc/init.d/apparmor status
 
## Suse
/etc/init.d/boot.apparmor status
 

Sample outputs:

apparmor module is loaded.
17 profiles are loaded.
17 profiles are in enforce mode.
   /bin/ping
   /sbin/klogd
   /sbin/syslog-ng
   /sbin/syslogd
   /usr/lib/PolicyKit/polkit-explicit-grant-helper
   /usr/lib/PolicyKit/polkit-grant-helper
   /usr/lib/PolicyKit/polkit-grant-helper-pam
   /usr/lib/PolicyKit/polkit-read-auth-helper
   /usr/lib/PolicyKit/polkit-resolve-exe-helper
   /usr/lib/PolicyKit/polkit-revoke-helper
   /usr/lib/PolicyKit/polkitd
   /usr/sbin/avahi-daemon
   /usr/sbin/identd
   /usr/sbin/mdnsd
   /usr/sbin/nscd
   /usr/sbin/ntpd
   /usr/sbin/traceroute
0 profiles are in complain mode.
3 processes have profiles defined.
3 processes are in enforce mode :
   /sbin/klogd (812)
   /sbin/syslog-ng (809)
   /usr/sbin/nscd (6229)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
References:
Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 1 comment… add one }

  • majid May 27, 2014, 7:54 pm

    hi
    i can’t use linux mint 16
    this error :apparmor shall policy enable
    please help me
    thank you

Leave a Comment