AppArmor is a Mandatory Access Control (MAC) and security extension that provides a variety of security policies for Linux kernel. It is an alternative application to SELinux and included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some service wasn’t working as expected. Below steps will show you how to disable and remove AppArmor on Ubuntu 14.04.
Steps to Disable and Remove AppArmor on Ubuntu
1. How to check AppArmor status :
ehowstuff@ubuntu14:~$ sudo apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
/sbin/dhclient
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
/sbin/dhclient (669)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
2. Disable AppArmor and unload the kernel module by entering the following:
ehowstuff@ubuntu14:~$ sudo /etc/init.d/apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove
or
ehowstuff@ubuntu14:~$ sudo service apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove
3. Remove AppArmor software :
ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Example :
ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
apparmor apparmor-utils
0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded.
After this operation, 1,467 kB disk space will be freed.
(Reading database ... 93228 files and directories currently installed.)
Removing apparmor-utils (2.8.95~2430-0ubuntu5) ...
Removing apparmor (2.8.95~2430-0ubuntu5) ...
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db (2.6.7.1-1) ...
Note : this steps works on ubuntu 14.04 minimal installation without GUI.