Can I verify if AppArmor is really disabled?

Hi,

I posted another topic with my rsh/rlogin issue and this is related but let me open a new thread and ask this general question.

How can I verify if AppArmor is really disabled?

I usually run “chkconfig boot.apparmor off; service boot.apparmor stop” after the upgrade.

But, I noticed my syslog shows:

Jun 6 14:37:01 server1 kernel: [ 5352.377525] type=1400 audit(1402090621.149:213): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=9725 comm="cron"
Jun 6 14:37:01 server1 /usr/sbin/cron[9726]: (root) CMD (/usr/sbin/logwatch --service dmeventd)
Jun 6 14:38:01 server1 /usr/sbin/cron[9774]: (root) CMD (/usr/sbin/logwatch --service dmeventd)
Jun 6 14:38:01 server1 kernel: [ 5412.451129] type=1400 audit(1402090681.377:214): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=9773 comm="cron"
Jun 6 14:38:01 server1 kernel: [ 5412.451148] type=1400 audit(1402090681.377:215): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=9773 comm="cron"

Do the above messages indicate that AppArmor is running?

Thanks.

- Steve
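
One way to check the kernel side directly, as an added example that is not part of the original post: the `apparmor=` audit records quoted above are logged by the kernel rather than by the `boot.apparmor` init script, so this reads the kernel's own AppArmor state and counts such records in a log. The sysfs/securityfs paths are the standard AppArmor locations and are assumed to exist on this kernel; `aa_kernel_state`, `aa_audit_records` and `sample_log` are hypothetical helper names, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed standard kernel paths:
#   /sys/module/apparmor/parameters/enabled   contains Y or N
#   /sys/kernel/security/apparmor/profiles    one loaded profile per line

# Print the kernel-side AppArmor state. $1 is an optional root prefix so the
# check can be pointed at a test tree; empty means the live system.
aa_kernel_state() {
    enabled="$1/sys/module/apparmor/parameters/enabled"
    profiles="$1/sys/kernel/security/apparmor/profiles"
    if [ ! -r "$enabled" ]; then
        echo "absent"                     # AppArmor not present in this kernel
    elif [ "$(cat "$enabled")" != "Y" ]; then
        echo "disabled"                   # present, but not active for this boot
    elif n=$(grep -c '' "$profiles" 2>/dev/null) || [ "$n" = 0 ]; then
        # grep -c exits 1 on a zero count, so an empty profile list lands here too
        echo "enabled profiles=$n"
    else
        echo "enabled profiles=unknown"   # securityfs unreadable (not root?)
    fi
}

# Count AppArmor audit records (type=1400 ... apparmor=...) in a syslog file.
# Pass "-" to read from standard input.
aa_audit_records() {
    grep -Ec 'type=1400 .*apparmor=' "$1" 2>/dev/null || true
}

# Constructed sample modelled on the records quoted in the post.
sample_log() {
    cat <<'EOF'
Jun 6 14:37:01 host1 kernel: [ 5352.377525] type=1400 audit(1402090621.149:213): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=9725 comm="cron"
Jun 6 14:37:01 host1 /usr/sbin/cron[9726]: (root) CMD (/usr/sbin/logwatch --service dmeventd)
EOF
}

# Live check; run as root so the profile list is readable.
echo "kernel state:       $(aa_kernel_state "")"
echo "sample audit count: $(sample_log | aa_audit_records -)"
```

A result of `enabled profiles=0` means the kernel module is still active with no profiles loaded, which is a different state from `disabled`.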

yssong,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.suse.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your SUSE Forums Team
http://forums.suse.com