apparmor_status - display various information about the current
apparmor_status will report various aspects of the current state of
AppArmor confinement. By default, it displays the same information as
if the --verbose argument were given. A sample of what this looks like
apparmor module is loaded.
110 profiles are loaded.
102 profiles are in enforce mode.
8 profiles are in complain mode.
Out of 129 processes running:
13 processes have profiles defined.
8 processes have profiles in enforce mode.
5 processes have profiles in complain mode.
Other argument options are provided to report individual aspects, to
support being used in scripts.
apparmor_status accepts only one argument at a time out of:
returns error code if AppArmor is not enabled.
displays the number of loaded AppArmor policies.
displays the number of loaded enforcing AppArmor policies.
displays the number of loaded non-enforcing AppArmor policies.
displays multiple data points about loaded AppArmor policy set (the
default action if no arguments are given).
displays a short usage statement.
apparmor_status must be run as root to read the state of the loaded
policy from the apparmor module. It uses the /proc filesystem to
determine which processes are confined and so is susceptible to race
Upon exiting, apparmor_status will set its return value to the
0 if apparmor is enabled and policy is loaded.
1 if apparmor is not enabled/loaded.
2 if apparmor is enabled but no policy is loaded.
3 if the apparmor control files aren't available under
4 if the user running the script doesn't have enough privileges to
read the apparmor control files.
If you find any additional bugs, please report them to bugzilla at
apparmor(7), apparmor.d(5), and
Hey! The above document had some coding errors, which are explained
Around line 95:
'=item' outside of any '=over'
Around line 119:
You forgot a '=back' before '=head1'