Hi,

I posted another topic with my rsh/rlogin issue and this is related but let me open a new thread and ask this general question.

How can I verify if AppArmor is really disabled?

I usually run "chkconfig boot.apparmor off; service boot.apparmor stop" after the upgrade.

But, I noticed my syslog shows:


Jun 6 14:37:01 server1 kernel: [ 5352.377525] type=1400 audit(1402090621.149:213): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=9725 comm="cron"
Jun 6 14:37:01 server1 /usr/sbin/cron[9726]: (root) CMD (/usr/sbin/logwatch --service dmeventd)
Jun 6 14:38:01 server1 /usr/sbin/cron[9774]: (root) CMD (/usr/sbin/logwatch --service dmeventd)
Jun 6 14:38:01 server1 kernel: [ 5412.451129] type=1400 audit(1402090681.377:214): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=9773 comm="cron"
Jun 6 14:38:01 server1 kernel: [ 5412.451148] type=1400 audit(1402090681.377:215): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=9773 comm="cron"


Do the above messages indicate that AppArmor is running?


Thanks.



- Steve