aa-teardown

Disable all AppArmor profiles and stop enforcement

$ sudo aa-teardown

$ aa-teardown [[-h|--help]]

aa-teardown

The aa-teardown command is a powerful utility from the AppArmor security toolkit designed to completely unload all loaded AppArmor profiles from the Linux kernel. AppArmor is a Mandatory Access Control (MAC) system that confines programs to a limited set of resources through per-program profiles.

Executing aa-teardown disables enforcement and complaint modes for every profile, effectively turning off AppArmor confinement system-wide. This is useful in troubleshooting scenarios, testing environments, or when fully disabling AppArmor temporarily. However, it poses significant security risks as it removes all confinement policies at once, leaving applications unrestricted.

Typically run as root via sudo, the command interacts directly with the kernel's LSM interface to purge the policy cache. After teardown, no profiles are active until reloaded using tools like aa-enforce or service restarts. It does not remove profile files from disk; it only unloads runtime policies.

Ideal for developers debugging profile issues or sysadmins needing a clean slate, but never recommended on production systems without backups and immediate reconfiguration plans.

Extremely dangerous on production systems; disables all AppArmor protections instantly. Requires root privileges. Profiles in active use may resist unloading. Does not persist across reboots or kernel reloads. Always verify with aa-status afterward.

sudo aa-teardown
Follow with aa-status to confirm no profiles loaded.

Use only in isolated environments. Reload profiles via /etc/init.d/apparmor reload or systemd equivalents post-teardown.

Introduced in early AppArmor releases (pre-2.0) as part of apparmor-utils package. AppArmor originated from Immunix project (1990s), acquired by Novell/SUSE (2005), integrated into Ubuntu mainline (2009). aa-teardown evolved for kernel policy management with LSM stacking support in Linux 2.6+.

aa-status(8), aa-enforce(8), aa-complain(8), aa-disable(8), apparmor_parser(8)