aa-remove-unknown
Remove unknown AppArmor profiles
TLDR
Perform a dry run to list the loaded profiles that would be removed (-n)
Remove the unknown profiles from the kernel (requires root)
Display help (-h)
SYNOPSIS
aa-remove-unknown [-h | -n]
PARAMETERS
-h
Displays a short usage statement and exits.
-n
Dry run; prints the name of each loaded profile that would be removed, without removing any.
The command accepts at most one option; any other argument, or more than one, prints the usage statement and exits with status 1.
DESCRIPTION
aa-remove-unknown unloads AppArmor profiles that are resident in the kernel but are no longer defined by any profile file under /etc/apparmor.d/.
It reads the list of loaded profiles from the AppArmor securityfs interface (/sys/kernel/security/apparmor/profiles), collects the profile names declared by the files in /etc/apparmor.d/, and removes every loaded profile that does not appear in that set by writing its name to /sys/kernel/security/apparmor/.remove. The name of each profile it removes is printed on standard output.
The tool never deletes anything from disk; it only changes the policy currently loaded in the kernel. It is useful after a package that shipped a profile has been removed, or after a profile has been renamed or deleted by hand, because the kernel keeps a loaded profile until it is explicitly removed or the system reboots. Such leftover policy is tracked by nothing in /etc/apparmor.d/ and is not touched when the rest of the policy is reloaded, so clearing it keeps the running policy identical to what is on disk. Because it writes to securityfs, the command must be run as root; run it with -n first to see what would be removed.
CAVEATS
The command acts on the kernel's loaded policy, not on the files under /etc/apparmor.d/, so nothing is deleted from disk and a removed profile can be loaded again with apparmor_parser -r as long as its file still exists. The consequence to watch for is the other way round: when a profile is unloaded, the processes it was confining become unconfined. If a profile shows up as unknown only because its file was moved out of /etc/apparmor.d/, was loaded from another directory by hand, or currently fails to parse, fix the file and reload it instead of removing the profile. Always run with -n first and review the list, particularly on hosts with hand-maintained profiles.
HOW 'UNKNOWN' IS DETERMINED
A loaded profile is 'unknown' when its name appears in /sys/kernel/security/apparmor/profiles but is not among the names declared by the profile files in /etc/apparmor.d/ (collected by running apparmor_parser -N on each file). Package ownership is not consulted: a hand-written profile that still has a file in /etc/apparmor.d/ is known, and a packaged profile whose file has been removed is unknown. Two refinements matter in practice: profiles whose names start with libvirt- are skipped, because libvirt generates them per virtual machine at run time and they never have a file on disk; and the removal list is reverse-sorted so that child profiles such as hats, whose full name is parent//child, are removed before their parent.
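As an added example (not the project's own script), the following POSIX shell re-implements the selection rule described here and in DESCRIPTION on constructed sample listings, so the decision can be checked without root or a running AppArmor kernel. The sample profile names, the libvirt UUID and the helper names unknown_profiles and apply_removals are assumptions made for the example; the securityfs paths and apparmor_parser -N are the real interfaces the tool uses.

```sh
#!/bin/sh
# Added example: re-implements the selection rule of aa-remove-unknown on
# constructed input. This is not the project's own script.

# Constructed stand-in for /sys/kernel/security/apparmor/profiles. The kernel
# prints one "name (mode)" entry per line; hats/children appear as parent//child.
LOADED_SAMPLE='/usr/sbin/cupsd (enforce)
/usr/sbin/cupsd//third_party (enforce)
/usr/bin/man (enforce)
man_filter (enforce)
libvirt-5c3d2e1f-9a8b-4c7d-8e6f-0a1b2c3d4e5f (enforce)
/usr/lib/snapd/snap-confine (enforce)
lsb_release (complain)'

# Constructed stand-in for the names declared by files in /etc/apparmor.d/
# (what "apparmor_parser -N" prints per file). The cupsd profile file is gone.
ONDISK_SAMPLE='/usr/bin/man
man_filter
man_groff
/usr/lib/snapd/snap-confine
lsb_release'

# unknown_profiles LOADED ONDISK
# Prints the loaded profile names with no definition on disk, one per line,
# reverse-sorted so children (parent//child) precede their parent.
unknown_profiles() {
    printf '%s\n' "$1" | awk -v ondisk="$2" '
        BEGIN {
            n = split(ondisk, names, "\n")
            for (i = 1; i <= n; i++) if (names[i] != "") known[names[i]] = 1
        }
        { sub(/ \([^)]*\)$/, "") }        # drop the trailing " (enforce)" / " (complain)"
        /^libvirt-/ { next }              # per-VM profiles generated at run time, never on disk
        $0 != "" && !($0 in known) { print }
    ' | LC_ALL=C sort -r
}

# apply_removals LOADED ONDISK [DRY_RUN] [REMOVE_FILE]
# Mirrors the action step: with DRY_RUN=1 (the default here) only report;
# otherwise write each name to the securityfs .remove file, which unloads it.
apply_removals() {
    dry_run=${3:-1}
    remove_file=${4:-/sys/kernel/security/apparmor/.remove}
    unknown_profiles "$1" "$2" | while IFS= read -r profile; do
        if [ "$dry_run" -ne 0 ]; then
            echo "Would remove '${profile}'"
        else
            echo "Removing '${profile}'"
            printf '%s' "$profile" > "$remove_file"
        fi
    done
}

# Live data sources on a real host, as root (not run by default):
#   loaded:  cat /sys/kernel/security/apparmor/profiles
#   on disk: for f in /etc/apparmor.d/*; do [ -f "$f" ] && apparmor_parser -N "$f"; done

apply_removals "$LOADED_SAMPLE" "$ONDISK_SAMPLE"
```

Running the block prints the dry-run report for the sample: the cupsd hat is listed before the cupsd parent, the libvirt profile is skipped, and profiles that exist both loaded and on disk are left alone. To act on a real host, feed the two live listings in and pass 0 as the third argument.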
HISTORY
aa-remove-unknown is part of the AppArmor user-space utilities, which have evolved alongside the AppArmor security module in the Linux kernel. AppArmor originated with Immunix, was later adopted by Novell (SUSE), and has since become a standard security feature in many Linux distributions. This tool was developed to address the practical need for managing and cleaning up AppArmor profiles as systems change, packages are installed or removed, and profiles might become orphaned or obsolete.
SEE ALSO
apparmor(7), apparmor.d(5), apparmor_parser(8), aa-status(8), aa-genprof(8), aa-enforce(8), aa-complain(8), aa-logprof(8)