aa-status 命令

常用示例

说明

aa-status reports the current state of AppArmor confinement on the system. By default, it displays a summary of loaded profiles grouped by enforcement mode (enforce, complain, kill, unconfined), the number of confined processes, and which profiles apply to them. Individual flags can query specific counters for use in scripts. The --json and --pretty-json flags provide machine-parseable output suitable for monitoring and automation pipelines.

参数

--enabled

Returns error code if AppArmor is not enabled

--profiled

Shows count of loaded AppArmor policies

--enforced

Shows count of enforcing policies

--complaining

Shows count of non-enforcing (complain mode) policies

--kill

Shows count of enforcing policies that terminate tasks on violations

--prompt

Shows count of enforcing policies with fallback to userspace mediation

--special-unconfined

Shows count of unconfined mode policies

--process-mixed

Shows count of processes confined by profile stacks with profiles in different modes

--verbose

Displays comprehensive AppArmor policy data (default behavior)

--json

Outputs policy data in JSON format for machine processing

--pretty-json

Provides human and machine-readable JSON output

--count

Shows only counts for selected information

--show _TYPE_

Specify what to display: processes, profiles, or all (default: all)

--filter.mode _REGEX_

Filter output by profile mode using a POSIX regular expression

--filter.profiles _REGEX_

Filter output by confining profile name using a POSIX regular expression

--filter.pid _REGEX_

Filter output by process PID using a POSIX regular expression

--filter.exe _REGEX_

Filter output by executable name using a POSIX regular expression

--help

Displays usage information