LinuxCommandLibrary

aa-teardown

Disable AppArmor profiles

TLDR

Disable all AppArmor profiles and stop enforcement

$ sudo aa-teardown

Display help

$ aa-teardown --help

SYNOPSIS

aa-teardown

PARAMETERS

-h, --help
    Displays a short usage statement for the command.

-v, --version
    Displays the version of the AppArmor utility being used.

DESCRIPTION

aa-teardown is a utility from the AppArmor user-space tools that unloads all currently loaded AppArmor profiles from the Linux kernel. Once it has run, the kernel stops enforcing the rules those profiles defined, which removes AppArmor confinement from every application that was previously restricted. Confinement stays off until profiles are manually reloaded or the system is rebooted. The command is typically used for system maintenance, testing, or when transitioning away from AppArmor; because it removes all active confinement, it significantly reduces the system's security posture. It requires root privileges and only affects profiles in kernel memory: it does not delete profile files from the filesystem.

CAVEATS

Running aa-teardown requires superuser privileges (e.g., using sudo). This command unloads all AppArmor profiles, effectively removing all confinement. It does not remove profile files from the filesystem; for that, consider using aa-disable(8) for specific profiles or manually deleting the files and rebooting. Unloading all profiles can significantly reduce the system's security posture until profiles are reloaded.

GLOBAL IMPACT

aa-teardown unloads every currently loaded AppArmor profile, not a selected one. All applications previously confined by AppArmor then run without any restrictions imposed by AppArmor. To disable a specific profile, use aa-disable(8) instead.

PROFILE PERSISTENCE

Using aa-teardown does not remove the AppArmor profile files from the filesystem (typically located in /etc/apparmor.d/). Profiles will likely be reloaded automatically upon the next system boot unless explicitly disabled or removed from their respective directories. For permanent removal or disabling of specific profiles, filesystem operations combined with aa-disable(8) are necessary.
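The split described above, profiles gone from the kernel while their files stay in /etc/apparmor.d/, can be checked from a shell. The following is an added example, not part of the AppArmor tools: aa_state is a hypothetical helper, its status words are this example's own, and the sample data is constructed. It assumes the kernel lists loaded profiles as "name (mode)" lines in /sys/kernel/security/apparmor/profiles.

```shell
#!/bin/sh
# aa_state KERNEL_LIST PROFILE_DIR   (hypothetical helper, added example)
#   KERNEL_LIST: "name (mode)" lines, the format of
#                /sys/kernel/security/apparmor/profiles (needs root to read)
#   PROFILE_DIR: profile files on disk, normally /etc/apparmor.d
aa_state() {
    list=$1 dir=$2
    if ! cat "$list" >/dev/null 2>&1; then
        echo "status=unavailable"   # AppArmor not enabled, or not running as root
        return 0
    fi
    ondisk=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue     # skip abstractions/, tunables/, disable/ ...
        if [ -e "$dir/disable/${f##*/}" ] || [ -L "$dir/disable/${f##*/}" ]; then
            continue                # link left by aa-disable(8): not loaded at boot
        fi
        ondisk=$((ondisk + 1))      # approximation: one file may hold several profiles
    done
    awk -v ondisk="$ondisk" '
        /\(enforce\)$/  { e++ }
        /\(complain\)$/ { c++ }
        /\)$/           { n++ }     # every loaded profile, whatever its mode
        END {
            if (n > 0)           s = "active"
            else if (ondisk > 0) s = "torn-down"    # files on disk, nothing in the kernel
            else                 s = "no-profiles"
            printf "loaded=%d enforce=%d complain=%d ondisk=%d status=%s\n", n, e, c, ondisk, s
        }' "$list"
}

# Constructed sample data (not from a real host): the kernel list before and
# after aa-teardown, with the profile directory unchanged by the command.
tmp=$(mktemp -d)
mkdir -p "$tmp/etc/disable" "$tmp/etc/abstractions"
touch "$tmp/etc/usr.sbin.cupsd" "$tmp/etc/usr.bin.man" "$tmp/etc/usr.sbin.tcpdump"
ln -s ../usr.sbin.tcpdump "$tmp/etc/disable/usr.sbin.tcpdump"
printf '%s\n' '/usr/sbin/cupsd (enforce)' '/usr/sbin/cupsd//third_party (enforce)' \
    '/usr/bin/man (complain)' > "$tmp/before"
: > "$tmp/after"
aa_state "$tmp/before" "$tmp/etc"
aa_state "$tmp/after" "$tmp/etc"
rm -rf "$tmp"
```

On a real host, run it as root with `aa_state /sys/kernel/security/apparmor/profiles /etc/apparmor.d`; a `torn-down` result on a machine that is expected to enforce profiles is worth alerting on.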

HISTORY

AppArmor, including its core utilities like aa-teardown, was initially developed by Immunix and later maintained by Novell and SUSE. It was designed as a proactive security module for Linux, providing Mandatory Access Control (MAC). aa-teardown has been a fundamental part of the AppArmor user-space tools since its early days, consistently serving the purpose of globally unloading profiles from the kernel to manage system security configurations.

SEE ALSO

apparmor(7), aa-enforce(8), aa-complain(8), aa-disable(8), aa-genprof(8)
