Provided by: apparmor-utils_2.10.95-0ubuntu2.12_amd64 bug

NAME

       aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor
       profiles loaded

SYNOPSIS

       aa-unconfined [--paranoid]

OPTIONS

       --paranoid

          Displays all processes from F</proc> filesystem with tcp or udp ports
          that do not have AppArmor profiles loaded.

DESCRIPTION

       aa-unconfined will use netstat(8) to determine which processes have open network sockets
       and do not have AppArmor profiles loaded into the kernel.

BUGS

       aa-unconfined must be run as root to retrieve the process executable link from the /proc
       filesystem. This program is susceptible to race conditions of several flavours: an
       unlinked executable will be mishandled; an executable started before an AppArmor profile
       is loaded will not appear in the output, despite running without confinement; a process
       that dies between the netstat(8) and further checks will be mishandled. This program only
       lists processes using TCP and UDP. In short, this program is unsuitable for forensics use
       and is provided only as an aid to profiling all network-accessible processes in the lab.

       If you find any bugs, please report them at
       <https://bugs.launchpad.net/apparmor/+filebug>.

SEE ALSO

       netstat(8), apparmor(7), apparmor.d(5), aa_change_hat(2), and <http://wiki.apparmor.net>.