How to Disable and Remove AppArmor on Ubuntu 14.04

remove AppArmor on UbuntuAppArmor is a Mandatory Access Control (MAC) and security extension that provides a variety of security policies for Linux kernel. It is an alternative application to SELinux and included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some service wasn’t working as expected. Below steps will show you how to disable and remove AppArmor on Ubuntu 14.04.

Steps to Disable and Remove AppArmor on Ubuntu

1. How to check AppArmor status :

ehowstuff@ubuntu14:~$ sudo apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /sbin/dhclient (669)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

2. Disable AppArmor and unload the kernel module by entering the following:

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove

or

ehowstuff@ubuntu14:~$ sudo service apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove

3. Remove AppArmor software :

ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y

Example :

ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  apparmor apparmor-utils
0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded.
After this operation, 1,467 kB disk space will be freed.
(Reading database ... 93228 files and directories currently installed.)
Removing apparmor-utils (2.8.95~2430-0ubuntu5) ...
Removing apparmor (2.8.95~2430-0ubuntu5) ...
 * Clearing AppArmor profiles cache                                                          [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.

To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db (2.6.7.1-1) ...

Note : this steps works on ubuntu 14.04 minimal installation without GUI.

How to Reset the Directory Manager Password on RHEL 7 / CentOS 7
How to Reset the Directory Manager Password on RHEL 7 / CentOS 7

It is best practice to remember passwords, but because too many passwords, sometimes we forget. We are not encouraged to write the password on any paper or share the password...

How to Find Big Files Size on Linux RHEL/CentOS
How to Find Big Files Size on Linux RHEL/CentOS

As the linux administrator, sometimes we have to identify which files are most take much space in the linux server resulting in low free space. Low disk space can also...

Why Linux users should worry about malware and what they can do about it
Why Linux users should worry about malware and what they can do about it

Don’t drop your guard just because you’re running Linux. Preventing the spread of malware and/or dealing with the consequences of infection are a fact of life when using computers. If...

How to Reset Forgotten Root Password on Linux RHEL 7/CentOS 7
How to Reset Forgotten Root Password on Linux RHEL 7/CentOS 7

This article will explain the steps to reset a lost root password or to reset forgotten root password on Linux RHEL 7 or CentOS 7. Basically, the steps will adding...

How to Update CentOS or Upgrade CentOS to the Latest Version
How to Update CentOS or Upgrade CentOS to the Latest Version

Recently, the latest version of CentOS 7.3 was released. All users of CentOS 7.0, 7.1 and 7.2 can upgrade their system to the most recent. This quick guide will explain...

How to Change your WordPress Username, Nickname and Display Name in MySQL
How to Change your WordPress Username, Nickname and Display Name in MySQL

After you create an account log in WordPress, you may want to change your WordPress username, as appropriate or due to security reason. However, you can not do this from...

How to Enable SSH Root Login on Ubuntu 16.04
How to Enable SSH Root Login on Ubuntu 16.04

As what we wrote in the previous article on how to allow SSH root on Ubuntu 14.04, after installing a fresh new copy of Ubuntu 16.04 LTS, we find that...

How to Change UUID of Linux Partition on CentOS 7
How to Change UUID of Linux Partition on CentOS 7

UUID (Universally Unique IDentifier) should be unique and it is used to identify storage devices on a linux system. If you cloned a virtual machine from vCenter, the metadata containing...

6 Comments

  • Avatar for Frank Høvin Frank Høvin says:

    Thanks a lot. This completely ruined my system. The system now starts without X, and there’s no x server or windows manager installed anymore, and no network. How incompetent is it possible to be? You post this to unknowing non-techies? You, sir, are a f…ing idiot and should be banned from posting or writing here.

  • Avatar for Jason Jason says:

    The part that ruins your systems is the “sudo apt-get –purge remove … … ….” section, if you are happy to leave redundant binaries / config files on your system you can safely ignore that commands. The other steps he mentions are perfectly safe and do the job.

  • Avatar for tacoterror tacoterror says:

    grab your .iso in one hand and enter rm -rf /* with the other 🙂

  • Avatar for Hakuna Matata Hakuna Matata says:

    hi all, i was ready to follow your steps , but i read the comments and suddenly fear comes. then i search a bit more on the web and i found that this steps are the officially ubuntu steps you can find here: https://help.ubuntu.com/lts/serverguide/apparmor.html. so i will try and i think that there is no reason to blame ehowstuff for nothing.

Leave a Reply

Your email address will not be published. Required fields are marked *