1

Where does AppArmor store information about which profiles should be loaded on system start in enforce or complain mode? What happens when I do aa-enforce /etc/apparmor.d/usr.bin.firefox?

My problem is, that I somehow broke some Firefox functionality, even though I have restored /etc/apparmor.d/usr.bin.firefox (and reinstalled Firefox from repositories) and did aa-enforce. (From logs I see that AppArmor is blocking something.) I would like to check HDD backup to see if, that profile had been enforced in the first place (before I broke everything), but I don't know where to look.

I'm using Linux Mint 19, 4.15.0-45-generic.

Improve this question

1 Answer 1

Reset to default
0

The aa-enforce and aa-complain commands edit the profile in place. The aa-disable command creates a symlink in /etc/apparmor.d/disable pointing to the profile.

As I understand, this command does not persist across reboots. It simply changes the status of the profile for the current boot.

Improve this answer
1
  • I have tested it again. Somehow when I did aa-enforce /etc/apparmor.d/firefox, it persisted trough reboot. Same with disabling (aa-disable). I have tested it also with my custom made profile just to be sure. Commented Feb 10, 2019 at 22:08

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.