• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • VCS
  • Interview Questions
  • Database
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

aa-disable: command not found

by admin

AppArmor is an alternative context-based permissions scheme and MAC implementation for Linux. Whereas SELinux is more commonly associated with RHEL, AppArmor is packaged with Debian-based and SUSE Linux distros. AppArmor provides the same fundamental service as SELinux, but its approach is different in many significant ways. Perhaps the most overarching difference is that SELinux is very complex and often difficult to configure, whereas AppArmor was designed to be much simpler.

Functionally, the main difference is that AppArmor works with file system objects based on paths, whereas SELinux references inodes directly. These paths are referenced in flat configuration files, or profiles, that AppArmor uses to determine how to control access. This also means that there are no types or domains in AppArmor, only these profiles.

Use the command aa-disable to disable a profile, unloading it from the kernel. The basic syntax is:

# aa-disable {path to profile}

If you encounter the below error while running the command:

aa-disable: command not found

you may try installing the below package as per your choice of distribution:

OS Distribution Command
Debian apt-get install apparmor-utils
Ubuntu apt-get install apparmor-utils
Arch Linux pacman -S apparmor
Kali Linux apt-get install apparmor-utils
Raspbian apt-get install apparmor-utils

AppArmor PROFILES

Each executable can have an associated AppArmor profile. Profiles are located in the /etc/apparmor.d/ directory. Within this directory are several text files that are named in a path.binary format. For example, the /bin/dig command binary’s AppArmor configuration file would be located at /etc/apparmor.d/ bin.dig. Within a profile, you can configure two main types of rules: capabilities and path entries. Capabilities provide the executable in question access to some sort of system functionality. For example, the net_bind_service capability enables the executable to bind to a well-known TCP/IP port (port numbers below 1024).

Path entries enable the executable to access a specific file on the file system. As the name suggests, you reference the files by their paths. After the path you specify what permissions you want to grant to this executable for the files. There are several possible permissions, including r for read, w for write, ux for unconfined execute (file being accessed doesn’t have a profile), l for link, and so on.

AppArmor MODES

Each profile operates in one of two modes: complain and enforce. In complain mode, profile violations are logged but not prevented. In enforce mode, profile violations are both logged and prevented.

AppArmor TUNABLES

Tunables enable you to configure AppArmor functionality without directly modifying profiles. For example, profiles may reference a common object or path using a variable name, like @{HOME} to refer to the user’s home directory. If the user’s home directory is not in the default location, you can adjust the appropriate tunable file to account for this. Tunable files are located in the /etc/apparmor.d/tunables/ directory.

Filed Under: Linux

Some more articles you might also be interested in …

  1. kitex Command Examples
  2. kahlan Command Examples
  3. parted: command not found
  4. git clean: Remove untracked files from the working tree
  5. How to Limit/throttle rsync transfer speed in Linux
  6. setpci command – configure PCI device
  7. gitmoji Command Examples
  8. Understanding the /etc/fstab file in Linux
  9. renice: command not found
  10. “aws s3 mv” Command Examples

You May Also Like

Primary Sidebar

Recent Posts

  • Vanilla OS 2 Released: A New Era for Linux Enthusiasts
  • mk Command Examples
  • mixxx Command Examples
  • mix Command Examples

© 2025 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright