logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles

Contents

Bugs

aa-unconfined must be run as root to retrieve the process executable link from the /proc filesystem. This
       program is susceptible to race conditions of several flavours: an unlinked executable will be mishandled;
       an executable started before an AppArmor profile is loaded will not appear in the output, despite running
       without  confinement;  a  process that dies between the netstat(8) and further checks will be mishandled.
       This program only lists processes using TCP and UDP. In short, this program is unsuitable  for  forensics
       use and is provided only as an aid to profiling all network-accessible processes in the lab.

       If you find any bugs, please report them at <https://gitlab.com/apparmor/apparmor/-/issues>.

Description

aa-unconfined will use netstat(8) to determine which processes have open network sockets and do not  have
       AppArmor profiles loaded into the kernel.

Name

       aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles
       loaded

Options

--paranoid
           Displays  all  processes visible from /proc filesystem, and whether they are confined by a profile or
           "not confined". Equivalent to --show=all.

       --show=(all|network|server|client)
           Determines the set of processes to be displayed.

           --show=all show all processes is equivalent to --paranoid--show=network show only process with any sockets open.

           --show=server show only processes with listening sockets open. This is the default value  if  --show=
           or --paranoid are not specified.

           --show=client show only processes with non-listening sockets open.

       --with-ss
           Use the ss(8) command to find processes listening on network sockets (the default).

       --with-netstat
           Use  the  netstat(8)  command  to  find processes listening on network sockets. This is also what aa-
           unconfined will fall back to when ss(8) is not available.

See Also

ss(8), netstat(8), apparmor(7), apparmor.d(5), aa_change_hat(2), and <https://wiki.apparmor.net>.

AppArmor 4.1.1                                     2025-07-23                                   AA-UNCONFINED(8)

Synopsis

aa-unconfined[options][--with-ss|--with-netstat]

See Also

MCP
Mcp-mistral-ocr Mcp
TLDR
Aa-unconfined - list unconfined linux processes Tldr
Man Pages
AppArmor Man Pages
Man Pages
netstat Man Pages
Network
Network PNG Icons
Man Pages
sockets Man Pages
Assistive Listening Systems
Assistive Listening Systems PNG Icons
Man Pages
Paranoid Man Pages
Man Pages
profiles Man Pages
← View System admin Category← Back to Disk and volume management🙏  Credits & Acknowledgments