AppArmor is a Mandatory Access Control (MAC) and security extension that provides a variety of security policies for Linux kernel. It is an alternative application to SELinux and included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some service wasn’t working as expected. Below steps will show you how to disable and remove AppArmor on Ubuntu 14.04.
Steps to Disable and Remove AppArmor on Ubuntu
1. How to check AppArmor status :
[email protected]:~$ sudo apparmor_status apparmor module is loaded. 4 profiles are loaded. 4 profiles are in enforce mode. /sbin/dhclient /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/connman/scripts/dhclient-script /usr/sbin/tcpdump 0 profiles are in complain mode. 1 processes have profiles defined. 1 processes are in enforce mode. /sbin/dhclient (669) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.
2. Disable AppArmor and unload the kernel module by entering the following:
[email protected]:~$ sudo /etc/init.d/apparmor stop [email protected]:~$ sudo update-rc.d -f apparmor remove
[email protected]:~$ sudo service apparmor stop [email protected]:~$ sudo update-rc.d -f apparmor remove
3. Remove AppArmor software :
[email protected]:~$ sudo apt-get remove apparmor apparmor-utils -y
[email protected]:~$ sudo apt-get remove apparmor apparmor-utils -y Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: apparmor apparmor-utils 0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded. After this operation, 1,467 kB disk space will be freed. (Reading database ... 93228 files and directories currently installed.) Removing apparmor-utils (2.8.95~2430-0ubuntu5) ... Removing apparmor (2.8.95~2430-0ubuntu5) ... * Clearing AppArmor profiles cache [ OK ] All profile caches have been cleared, but no profiles have been unloaded. Unloading profiles will leave already running processes permanently unconfined, which can lead to unexpected situations. To set a process to complain mode, use the command line tool 'aa-complain'. To really tear down all profiles, run the init script with the 'teardown' option." Processing triggers for man-db (220.127.116.11-1) ...
Note : this steps works on ubuntu 14.04 minimal installation without GUI.