AppArmor is a Mandatory Access Control (MAC) and security extension that provides a variety of security policies for Linux kernel. It is an alternative application to SELinux and included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some service wasn’t working as expected. Below steps will show you how to disable and remove AppArmor on Ubuntu 14.04.
Steps to Disable and Remove AppArmor on Ubuntu
1. How to check AppArmor status :
ehowstuff@ubuntu14:~$ sudo apparmor_status apparmor module is loaded. 4 profiles are loaded. 4 profiles are in enforce mode. /sbin/dhclient /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/connman/scripts/dhclient-script /usr/sbin/tcpdump 0 profiles are in complain mode. 1 processes have profiles defined. 1 processes are in enforce mode. /sbin/dhclient (669) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.
2. Disable AppArmor and unload the kernel module by entering the following:
ehowstuff@ubuntu14:~$ sudo /etc/init.d/apparmor stop ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove
or
ehowstuff@ubuntu14:~$ sudo service apparmor stop ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove
3. Remove AppArmor software :
ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Example :
ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: apparmor apparmor-utils 0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded. After this operation, 1,467 kB disk space will be freed. (Reading database ... 93228 files and directories currently installed.) Removing apparmor-utils (2.8.95~2430-0ubuntu5) ... Removing apparmor (2.8.95~2430-0ubuntu5) ... * Clearing AppArmor profiles cache [ OK ] All profile caches have been cleared, but no profiles have been unloaded. Unloading profiles will leave already running processes permanently unconfined, which can lead to unexpected situations. To set a process to complain mode, use the command line tool 'aa-complain'. To really tear down all profiles, run the init script with the 'teardown' option." Processing triggers for man-db (2.6.7.1-1) ...
Note : this steps works on ubuntu 14.04 minimal installation without GUI.
6 Comments
Thanks a lot. This completely ruined my system. The system now starts without X, and there’s no x server or windows manager installed anymore, and no network. How incompetent is it possible to be? You post this to unknowing non-techies? You, sir, are a f…ing idiot and should be banned from posting or writing here.
Same thing happened here. Seriously bad call.
.. but I do have to say, it was super easy to totally ruin my system.
Thanks “Skytech”!
The part that ruins your systems is the “sudo apt-get –purge remove … … ….” section, if you are happy to leave redundant binaries / config files on your system you can safely ignore that commands. The other steps he mentions are perfectly safe and do the job.
grab your .iso in one hand and enter rm -rf /* with the other 🙂
hi all, i was ready to follow your steps , but i read the comments and suddenly fear comes. then i search a bit more on the web and i found that this steps are the officially ubuntu steps you can find here: https://help.ubuntu.com/lts/serverguide/apparmor.html. so i will try and i think that there is no reason to blame ehowstuff for nothing.