Simplified testcase:
/etc/apparmor.d/a
# Minimal profile "a": no rules, only two hat declarations (^b and ^c), both with empty bodies.
profile a { ^b {} ^c {} }
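# Reproduction steps, one command per line. On the original single line, everything
# after the first '#' was a comment, so only the first command would have run.
# Loading and removing policy needs privileges (typically root).

# Load the profile (-r replaces any copy that is already loaded).
apparmor_parser -r /etc/apparmor.d/a

# Lists the profile and both hats.
grep '^a' /sys/kernel/security/apparmor/profiles

# Unload only a//b (aka ^b); profile a and hat c stay loaded.
echo 'profile a//b {}' | apparmor_parser -R

# Reload the unchanged profile file; this reload comes from the cache.
apparmor_parser -r /etc/apparmor.d/a

# Expected: a, a//b and a//c are listed again.
# Observed: a//b is _not_ listed, so the loaded policy no longer matches the
# profile file. After a reload, compare this list with the hats the profile declares.
grep '^a' /sys/kernel/security/apparmor/profiles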
Simplified testcase:
/etc/apparmor.d/a
# Minimal profile "a": no rules, only two hat declarations.
profile a {
# Hat "b" (empty body); the testcase refers to it as a//b.
^b {}
# Hat "c" (empty body).
^c {}
}
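# Reproduction steps. The original lines were garbled in extraction: the path
# /sys/kernel/security/apparmor/profiles was split and its pieces, with their
# comments, ended up on the first line. Loading and removing policy needs
# privileges (typically root).

# Load the profile (-r replaces any copy that is already loaded).
apparmor_parser -r /etc/apparmor.d/a

# Lists the profile and both hats.
grep '^a' /sys/kernel/security/apparmor/profiles

# Unload only a//b (aka ^b); profile a and hat c stay loaded.
echo 'profile a//b {}' | apparmor_parser -R

# Reload the unchanged profile file; this reload comes from the cache.
apparmor_parser -r /etc/apparmor.d/a

# Expected: a, a//b and a//c are listed again.
# Observed: a//b is _not_ listed, so the loaded policy no longer matches the
# profile file. After a reload, compare this list with the hats the profile declares.
grep '^a' /sys/kernel/security/apparmor/profiles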