Can I disable AppArmor entirely?

Yes with sudo systemctl disable apparmor && sudo systemctl stop apparmor, but this removes security protections. Better to fix the specific profile or set it to complain mode.

How do I create a new AppArmor profile?

Use aa-genprof: run sudo aa-genprof /path/to/app, then exercise the application. aa-genprof will prompt you to allow or deny each access attempt, building a profile interactively.

AppArmor Profile Errors — Access Denied and Profile Troubleshooting on Ubuntu

Warningsecurity

Overview

Fix AppArmor profile errors on Ubuntu and Debian preventing applications from accessing files and network resources due to mandatory access control policies.

Key Details

AppArmor is the default mandatory access control system on Ubuntu, Debian, and SUSE Linux
Profiles define what each application can access: files, network, capabilities
Profile modes: enforce (blocks violations), complain (logs only), disabled
Profiles stored in /etc/apparmor.d/ as plain text files
Denials logged in /var/log/syslog or journalctl with DENIED messages

Common Causes

Application profile too restrictive, blocking legitimate file or network access
Application binary moved to a non-standard path not covered by the profile
New version of application accessing paths not in the existing profile
Custom configuration directory not included in the application's AppArmor profile

Steps

1Check AppArmor status: sudo aa-status to see enforced and complain-mode profiles
2View denials: journalctl | grep DENIED or grep DENIED /var/log/syslog
3Set profile to complain mode: sudo aa-complain /path/to/binary to log without blocking
4After gathering logs in complain mode: sudo aa-logprof to update the profile with new rules
5Set profile back to enforce: sudo aa-enforce /path/to/binary
6Disable a specific profile: sudo ln -s /etc/apparmor.d/profile /etc/apparmor.d/disable/ && sudo apparmor_parser -R /etc/apparmor.d/profile

More in Security

windows-defender-errorsWindows Defender Errors — Antivirus Not Working or Updating

Error

windows-error-0x80073b01-defender-serviceWindows Error 0x80073B01 — Windows Defender Service Failed to Start

Error

windows-bitlocker-recovery-key-errorsBitLocker Recovery Key Errors — Drive Locked and Recovery Key Not Found

Critical

mac-gatekeeper-app-blockedMac Gatekeeper — App Cannot Be Opened (Unidentified Developer)

Warning

mac-filevault-recovery-errorsMac FileVault Errors — Encryption, Decryption & Recovery Key Issues

Error

mac-keychain-errors-passwordsMac Keychain Errors — Password Prompts, Locked Keychain, and Repair Guide

Warning

Frequently Asked Questions

Both provide mandatory access control. SELinux uses labels on all objects (more comprehensive, more complex). AppArmor uses file paths (simpler to configure, easier to understand). Ubuntu uses AppArmor, RHEL uses SELinux.

AppArmor Profile Errors — Access Denied and Profile Troubleshooting on Ubuntu

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in Security

Frequently Asked Questions