Enforcement modes
Kill
Access controls are enforced.
Access violations terminate the process.
/sys/module/apparmor/parameters/mode -> kill
Enforce
Access controls are enforced.
Access violations are not allowed.
Errors are returned.
/sys/module/apparmor/parameters/mode -> enforce
Complain
Access controls are not enforced.
Access violations are just reported (in system log files).
Profiles can be installed in complain mode with apparmor_parse -C
Installed profiles are moved to complain mode with aa-complain
Last updated