apparmor_status
display various information about the current AppArmor policy.
Synopsis
aa-status
[option]
add an example, a script, a trick and tips
examples
no example yet ...
... Feel free to add your own example above to help other Linux-lovers !
description
aa-status
will report various aspects of the current state of AppArmor
confinement. By default, it displays the same information as
if the --verbose argument were given. A
sample of what this looks like is:
apparmor module is loaded.
110 profiles are loaded.
102 profiles are in enforce mode.
8 profiles are in complain mode.
Out of 129 processes running:
13 processes have profiles defined.
8 processes have profiles in enforce mode.
5 processes have profiles in complain mode.
Other argument
options are provided to report individual aspects, to
support being used in scripts.
options
aa-status
accepts only one argument at a time out of:
--enabled
returns error code if AppArmor
is not enabled.
--profiled
displays the number of loaded
AppArmor policies.
--enforced
displays the number of loaded
enforcing AppArmor policies.
--complaining
displays the number of loaded
non-enforcing AppArmor policies.
--verbose
displays multiple data points
about loaded AppArmor policy set (the default action if no
arguments are given).
--help
displays a short usage
statement.
bugs
aa-status
must be run as root to read the state of the loaded policy
from the apparmor module. It uses the /proc filesystem to
determine which processes are confined and so is susceptible
to race conditions.
Upon exiting,
aa-status will set its return value to the following
values:
0
if apparmor is enabled and policy is loaded.
1
if apparmor is not enabled/loaded.
2
if apparmor is enabled but no policy is loaded.
3
if the apparmor control files aren’t available
under /sys/kernel/security/.
4
if the user running the script doesn’t have enough
privileges to read the apparmor control files.
If you find any
additional bugs, please report them at
<http://https://bugs.launchpad.net/apparmor/+filebug>.
see also
apparmor,
apparmor.d, and
<http://wiki.apparmor.net>.