On 01/15/2014 07:00 AM, Aaron Lewis wrote:
> Hi,
>
> I'm not familiar with apparmor implementation, I want to know which
> function in kernel side can be used to disable apparmor?
>
> I'm talking about kernel version 2.6.32 - 3.12, if that matters
>

As Jamie has said, boot with apparmor=0

apparmor does not expose a runtime function to disable it; once it has registered with the LSM it stays enabled until the next reboot. You could use something like systemtap to overwrite the LSM hooks vector, but just think of that as a kernel exploit.

From boot you have a few options for enabling LSMs, depending on how your kernel is compiled. You can set the security= kernel parameter to the LSM of your choice (as long as it was enabled in the kernel compile). Selecting a different LSM than apparmor will obviously disable apparmor.

  security=apparmor
  security=selinux
  security=off

If apparmor is compiled with the AppArmor boot parameter default value of 1 (default), then when apparmor is enabled, either by being set as the default or selected by security=apparmor, apparmor will register on boot. However, if the boot parameter default value is 0 (needs to be set in the Kconfig), apparmor will not be enabled on boot even if it is the default or security=apparmor is set. In this case you must also set the apparmor=1 parameter for apparmor to be enabled from boot.

Now, if by disable apparmor you mean to just have it stop enforcing policy, you can unload all the currently loaded policy by using the teardown command in the init script:

  /etc/init.d/apparmor teardown

apparmor will remain active in the kernel, but there is no policy to enforce.
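The boot-parameter rules described in the message above, written out as a check you can run over a kernel command line when auditing hosts. This is an added example, not part of the original message and not AppArmor project code. The function name `apparmor_boot_state` is hypothetical, the kernel's compiled-in default LSM and boot parameter default are assumed to be known and passed in by the caller, and a repeated parameter is assumed to take its last value.

```shell
#!/bin/sh
# Added example (not from the original message). Predicts whether AppArmor
# registers at boot from a kernel command line, following the rules above.
#   $1 = kernel command line (e.g. the contents of /proc/cmdline)
#   $2 = LSM the kernel was built to use by default (assumed known)
#   $3 = compiled-in AppArmor boot parameter default, 0 or 1 (assumed known)
# Assumption: when a parameter is repeated, the last occurrence wins.
# Simplification: only apparmor=0 and apparmor=1 are recognised.
apparmor_boot_state() {
    lsm=$2
    enabled=$3
    set -f                      # no glob expansion while splitting the line
    for word in $1; do
        case $word in
            security=*) lsm=${word#security=} ;;
            apparmor=0) enabled=0 ;;
            apparmor=1) enabled=1 ;;
        esac
    done
    set +f
    if [ "$lsm" != "apparmor" ]; then
        echo "disabled: LSM selected at boot is '$lsm'"
    elif [ "$enabled" -eq 0 ]; then
        echo "disabled: apparmor boot parameter is 0"
    else
        echo "enabled"
    fi
}

# Constructed sample input (not from a real system):
# command line | compiled default LSM | compiled boot parameter default
while IFS='|' read -r cmdline default_lsm bootparam; do
    printf '%-48s -> %s\n' "$cmdline" \
        "$(apparmor_boot_state "$cmdline" "$default_lsm" "$bootparam")"
done <<'EOF'
root=/dev/sda1 ro quiet|apparmor|1
root=/dev/sda1 ro apparmor=0|apparmor|1
root=/dev/sda1 ro security=selinux|apparmor|1
root=/dev/sda1 ro security=apparmor|selinux|0
root=/dev/sda1 ro security=apparmor apparmor=1|selinux|0
EOF
```

A result of "enabled" only says AppArmor registered at boot; as the message notes, it can still be running with no policy loaded after a teardown.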