[pkg-apparmor] Bug#872266: Bug#872266: apparmor-profiles-extra: Disable profiles before uninstalling them
Seth Arnold
seth.arnold at canonical.com
Mon Sep 11 23:31:47 UTC 2017
On Sat, Sep 09, 2017 at 08:24:40PM +0200, intrigeri wrote:
> 2. For a more fine-grained approach, you can unload a profile even
> after the file was removed using the securityfs e.g.:
>
> echo -n klogd | sudo tee /sys/kernel/security/apparmor/.remove
>
> … successfully unloads the klogd profile on my system.
> I could not find where this is documented though :/
>
> Granted, none of these is obvious, and from a user-centric perspective
> "there is no way" is a valid assertion :)
We usually tell people to use:
echo "klogd { }" | apparmor_parser --remove
It's not ideal but I prefer it over having to know the kernel API.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20170911/95019a35/attachment.sig>
More information about the pkg-apparmor-team
mailing list