Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

i can't disable apparmor in debian 10

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
yohoho
Posts: 12
Joined: 2019-12-22 05:26

i can't disable apparmor in debian 10

#1 Post by yohoho »

This don't work:

Code: Select all

mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' | tee /etc/default/grub.d/apparmor.cfg
update-grub
reboot
After reboot apparmor loaded again.
This don't work:

Code: Select all

systemctl stop apparmor
systemctl disable apparmor
aa-status

Code: Select all

apparmor module is loaded.
How to completely disable apparmor and unload rules?
Top
arzgi
Posts: 1194
Joined: 2008-02-21 17:03
Location: Finland
Been thanked: 31 times

Re: i can't disable apparmor in debian 10

#2 Post by arzgi »

Code: Select all

# apt purge apparmor
Top
User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 133 times

Re: i can't disable apparmor in debian 10

#3 Post by Head_on_a_Stick »

yohoho wrote:This don't work:

Code: Select all

mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' | tee /etc/default/grub.d/apparmor.cfg
update-grub
reboot
After reboot apparmor loaded again.
Did you check if the kernel parameter was actually applied?

Code: Select all

cat /proc/cmdline
deadbang
Top
Deb-fan
Posts: 1047
Joined: 2012-08-14 12:27
Been thanked: 4 times

Re: i can't disable apparmor in debian 10

#4 Post by Deb-fan »

At such times tend towards whipping out the big guns "sudo systemctl mask". Though helps to nose around a bit to see if there's affected dependency issues, often not. I like to nuke NetworkManager in this fashion. Someone can blacklist modules in /etc/modprobe.d files, so they don't load, should already be some examples there for cpu microcode, one per line etc. Have also seen the weirdness with kernel parameters not taking effect when added to /etc/default/grub as they should, tend to just keep poking at it, put it down to syntax or ordering error.

As Head_on mentions cat'ing /proc/cmdline to check. At times will do this via the grub screen, highlight the kernel line someone wishes to affect, press the "e" key for edit, add the params you're wanting to it and go from there, although don't believe it's meant to be persistent(only for that boot) and the grub file is where such things are supposed to be done. There's a second line in the grub file below the first, related to adding params, seems setting them there remain in effect vs using the first one. Really haven't sorted out how this works in detail. Just poke at it when needed, until output of "cat /proc/cmdline" shows me it's working as I'd wanted it. :)
Most powerful FREE tech-support tool on the planet * HERE. *
Top
Post Reply

Return to “System and Network configuration”