aa-status

aa-status [option]

aa-status reports the current state of AppArmor confinement on the system. By default, it displays a summary of loaded profiles grouped by enforcement mode (enforce, complain, kill, unconfined), the number of confined processes, and which profiles apply to them. Individual flags can query specific counters for use in scripts. The --json and --pretty-json flags provide machine-parseable output suitable for monitoring and automation pipelines.

--enabled

Returns error code if AppArmor is not enabled

Shows count of loaded AppArmor policies

Shows count of enforcing policies

Shows count of non-enforcing (complain mode) policies

Shows count of enforcing policies that terminate tasks on violations

Shows count of enforcing policies with fallback to userspace mediation

Shows count of unconfined mode policies

Shows count of processes confined by profile stacks with profiles in different modes

Displays comprehensive AppArmor policy data (default behavior)

Outputs policy data in JSON format for machine processing

Provides human and machine-readable JSON output

Shows only counts for selected information

Specify what to display: processes, profiles, or all (default: all)

Filter output by profile mode using a POSIX regular expression

Filter output by confining profile name using a POSIX regular expression

Filter output by process PID using a POSIX regular expression

Filter output by executable name using a POSIX regular expression

Displays usage information

Exit codes indicate different states: 0 = enabled with policy, 1 = not enabled, 2 = enabled but no policy, 3 = control files unavailable, 4 = insufficient privileges.

Part of the AppArmor utilities package for managing application security profiles on Linux systems.

aa-enforce(8), aa-complain(8), aa-disable(8), apparmor(7)