mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/aa-status.pod
Christian Boltz 198f660ee8 fix broken URLs in various utils/*.pod files. 
(The broken URLs were introduced in r1582.)

for utils/*.pod:
  Acked-by: Steve Beattie <steve@nxnw.org> 

for the other directories:
  Patch by Steve Beattie
  Acked-by: Christian Boltz <apparmor@cboltz.de>
2013-09-19 21:17:39 +02:00

126 lines
3.1 KiB
Text
Raw Blame History

# This publication is intellectual property of Novell Inc. and Canonical
# Ltd. Its contents can be duplicated, either in part or in whole, provided
# that a copyright label is visibly located on each copy.
#
# All information found in this book has been compiled with utmost
# attention to detail. However, this does not guarantee complete accuracy.
# Neither SUSE LINUX GmbH, Canonical Ltd, the authors, nor the translators
# shall be held liable for possible errors or the consequences thereof.
#
# Many of the software and hardware descriptions cited in this book
# are registered trademarks. All trade names are subject to copyright
# restrictions and may be registered trade marks. SUSE LINUX GmbH
# and Canonical Ltd. essentially adhere to the manufacturer's spelling.
#
# Names of products and trademarks appearing in this book (with or without
# specific notation) are likewise subject to trademark and trade protection
# laws and may thus fall under copyright restrictions.
#
=pod
=head1 NAME
aa-status - display various information about the current AppArmor
policy.
=head1 SYNOPSIS
B<aa-status> [option]
=head1 DESCRIPTION
B<aa-status> will report various aspects of the current state of
AppArmor confinement. By default, it displays the same information as if
the I<--verbose> argument were given. A sample of what this looks like
is:
apparmor module is loaded.
110 profiles are loaded.
102 profiles are in enforce mode.
8 profiles are in complain mode.
Out of 129 processes running:
13 processes have profiles defined.
8 processes have profiles in enforce mode.
5 processes have profiles in complain mode.
Other argument options are provided to report individual aspects, to
support being used in scripts.
=head1 OPTIONS
B<aa-status> accepts only one argument at a time out of:
=over 4
=item --enabled
returns error code if AppArmor is not enabled.
=item --profiled
displays the number of loaded AppArmor policies.
=item --enforced
displays the number of loaded enforcing AppArmor policies.
=item --complaining
displays the number of loaded non-enforcing AppArmor policies.
=item --verbose
displays multiple data points about loaded AppArmor policy
set (the default action if no arguments are given).
=item --help
displays a short usage statement.
=back
=head1 BUGS
B<aa-status> must be run as root to read the state of the loaded
policy from the apparmor module. It uses the /proc filesystem to determine
which processes are confined and so is susceptible to race conditions.
Upon exiting, B<aa-status> will set its return value to the
following values:
=over 4
=item 0
if apparmor is enabled and policy is loaded.
=item 1
if apparmor is not enabled/loaded.
=item 2
if apparmor is enabled but no policy is loaded.
=item 3
if the apparmor control files aren't available under /sys/kernel/security/.
=item 4
if the user running the script doesn't have enough privileges to read
the apparmor control files.
=back
If you find any additional bugs, please report them at
L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
apparmor(7), apparmor.d(5), and
L<http://wiki.apparmor.net>.
=cut
Reference in a new issue View git blame Copy permalink