Why does apparmor_status disagree with lsmod?

Question

I'm fiddling around with AppArmor on Ubuntu 24.04.1 and wanted to see how my system behaves when it's totally disabled, so I did so as described here:

sudo systemctl stop apparmor
sudo systemctl disable apparmor

After this apparmor_status still said apparmor module is loaded. I rebooted, and it still said that, even though apparmor doesn't appear in lsmod. Systemd says:

❯❯  sudo systemctl status apparmor
○ apparmor.service - Load AppArmor profiles
     Loaded: loaded (/usr/lib/systemd/system/apparmor.service; disabled; preset: enabled)
     Active: inactive (dead)
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/

score 0 · Answer 1 · answered Dec 29 '24 at 17:06

Realised while typing my question.

AppArmor is not a module, at least in this version (24.04.1, Desktop) of Ubuntu:

❯❯  grep APPARMOR= /boot/config-$(uname -r)
CONFIG_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y

I'm not really sure how to actually disable it. I guess I'll ask that as a separate question since this one is a bit badly written now.

Why does apparmor_status disagree with lsmod?

1 Answers1

Linked