Recently I have become interested in AppArmor, and I have read some of its docs, but I have a question: how do I protect AppArmor itself? I mean, if someone only gains root privilege and then stops the AppArmor service, all the protection will no longer be in effect. If I hide or remove the root user, then how do I re-modify profiles if needed, since I would not have enough privilege?
Is there an AppArmor mailing list? Maybe you can email me: <email removed for obvious reasons>
Welcome here on these Forums.
It is not a good idea to have your e-mail address in the open on the Internet (except when you want to receive massive spam).
There is a PM service on these forums.
Also, we want the discussions to be here on the forums. These forums are for the benefit of all participants. And nobody can see any solutions offered to your problem when they are not here. Remember, this is a community, not a helpdesk for individuals.
Short answer is that if a malcontent gains root access, he owns the machine, period. Turning off AppArmor is about the least he can do. Also note that anyone with physical access can own the machine if they have the knowledge.