Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 260

Stopped
The AppArmor module is loaded into the kernel, but no policies are enforced.
Detect the state of the AppArmor module by inspecting /sys/kernel/security/
apparmor/profiles. If cat
/sys/kernel/security/apparmor/profiles reports a list of profiles,
AppArmor is running. If it is empty and returns nothing, AppArmor is stopped. If the
file does not exist, AppArmor is unloaded.
Manage AppArmor through the script rcapparmor, which can perform the following
operations:
rcapparmor start
Behavior depends on the AppArmor module state. If it is unloaded, start loads
the module and starts it, putting it in the running state. If it is stopped, start
causes the module to rescan the AppArmor profiles usually found in /etc/
apparmor.d and puts the module in the running state. If the module is already
running, start reports a warning and takes no action.
rcapparmor stop
Stops the AppArmor module if it is running by removing all profiles from kernel
memory, effectively disabling all access controls, and putting the module into the
stopped state. If the AppArmor module is unloaded or already stopped, stop tries
to unload the profiles again, but nothing happens.
rcapparmor restart
Causes the AppArmor module to rescan the profiles in /etc/apparmor.d
without unconfining running processes. Freshly created profiles are enforced and
recently deleted ones are removed from the /etc/apparmor.d directory.
rcapparmor kill
Unconditionally removes the AppArmor module from the kernel. This is unsafe,
because unloading modules from the Linux kernel is unsafe. This command is
provided only for debugging and emergencies when the module might need to be
removed.
248 Security Guide