Ubuntu has ~3 oob confined running processes. Ubuntu basically just confines Firefox, Thunderbird, and generic snaps. And oh wow rsyslog.
ubuntu-24.04-desktop-amd64.iso
$ sudo aa-status
apparmor module is loaded.
32 profiles are loaded.
27 profiles are in enforce mode.
/snap/snapd/21465/usr/lib/snapd/snap-confine
/snap/snapd/21465/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
rsyslogd
snap-update-ns.firefox
snap-update-ns.firmware-updater
snap-update-ns.snap-store
snap-update-ns.snapd-desktop-integration
snap-update-ns.thunderbird
snap-update-ns.ubuntu-desktop-bootstrap
snap.firefox.firefox
snap.firefox.geckodriver
snap.firefox.hook.configure
snap.firefox.hook.connect-plug-host-hunspell
snap.firefox.hook.disconnect-plug-host-hunspell
snap.firefox.hook.post-refresh
snap.firmware-updater.firmware-notifier
snap.firmware-updater.firmware-updater
snap.firmware-updater.firmware-updater-app
snap.firmware-updater.hook.configure
snap.snap-store.hook.configure
snap.snap-store.snap-store
snap.snapd-desktop-integration.hook.configure
snap.snapd-desktop-integration.snapd-desktop-integration
snap.thunderbird.hook.configure
snap.thunderbird.thunderbird
5 profiles are in complain mode.
snap.ubuntu-desktop-bootstrap.os-prober
snap.ubuntu-desktop-bootstrap.probert
snap.ubuntu-desktop-bootstrap.subiquity-loadkeys
snap.ubuntu-desktop-bootstrap.subiquity-server
snap.ubuntu-desktop-bootstrap.ubuntu-desktop-bootstrap
0 profiles are in prompt mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
7 processes have profiles defined.
3 processes are in enforce mode.
/usr/sbin/rsyslogd (1265) rsyslogd
/snap/snapd-desktop-integration/157/usr/bin/snapd-desktop-integration (2912) snap.snapd-desktop-integration.snapd-desktop-integration
/snap/snapd-desktop-integration/157/usr/bin/snapd-desktop-integration (3069) snap.snapd-desktop-integration.snapd-desktop-integration
4 processes are in complain mode.
/usr/bin/bash (3251) snap.ubuntu-desktop-bootstrap.subiquity-server
/snap/ubuntu-desktop-bootstrap/171/usr/bin/python3.10 (3284) snap.ubuntu-desktop-bootstrap.subiquity-server
/usr/bin/bash (2535) snap.ubuntu-desktop-bootstrap.ubuntu-desktop-bootstrap
/snap/ubuntu-desktop-bootstrap/171/bin/ubuntu_bootstrap (2692) snap.ubuntu-desktop-bootstrap.ubuntu-desktop-bootstrap
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
Fedora has ~50 oob confined running processes.
Fedora-Workstation-Live-x86_64-40-1.14.iso
$ ps -auxZ | grep -v -e kernel_t -e unconfined_t
LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
system_u:system_r:init_t:s0 root 1 2.2 0.6 65388 25772 ? Ss 16:15 0:01 /usr/lib/systemd/systemd --switched-root --system --deserialize=40 rhgb
system_u:system_r:syslogd_t:s0 root 961 0.2 0.4 66532 17840 ? Ss 16:15 0:00 /usr/lib/systemd/systemd-journald
system_u:system_r:systemd_userdbd_t:s0 root 989 0.0 0.1 16124 6144 ? Ss 16:15 0:00 /usr/lib/systemd/systemd-userdbd
system_u:system_r:udev_t:s0-s0:c0.c1023 root 1003 0.1 0.3 36460 12780 ? Ss 16:15 0:00 /usr/lib/systemd/systemd-udevd
system_u:system_r:init_t:s0 systemd+ 1110 0.1 0.1 16424 7040 ? Ss 16:15 0:00 /usr/lib/systemd/systemd-oomd
system_u:system_r:systemd_resolved_t:s0 systemd+ 1111 0.0 0.3 25792 15680 ? Ss 16:15 0:00 /usr/lib/systemd/systemd-resolved
system_u:system_r:auditd_t:s0 root 1145 0.0 0.0 20028 2988 ? S<sl 16:15 0:00 /usr/sbin/auditd
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 dbus 1158 0.0 0.1 10184 5012 ? Ss 16:15 0:00 /usr/bin/dbus-broker-launch --scope system --audit
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 dbus 1159 0.2 0.1 8288 6220 ? S 16:15 0:00 dbus-broker --log 4 --controller 9 --machine-id 7befb37e1b8a4bccba5bcaa6a57e12a5 --max-bytes 536870912 --max-fds 4096 --max-matches 131072 --audit
system_u:system_r:avahi_t:s0 avahi 1161 0.0 0.1 7244 4224 ? Ss 16:15 0:00 avahi-daemon: running [fedora.local]
system_u:system_r:unconfined_service_t:s0 root 1165 0.0 0.1 302804 5376 ? SLsl 16:15 0:00 /usr/libexec/low-memory-monitor
system_u:system_r:policykit_t:s0 polkitd 1168 0.7 0.2 383960 11004 ? Ssl 16:15 0:00 /usr/lib/polkit-1/polkitd --no-debug
system_u:system_r:unconfined_service_t:s0 root 1169 0.0 0.1 529976 6912 ? Ssl 16:15 0:00 /usr/libexec/power-profiles-daemon
system_u:system_r:virt_qemu_ga_t:s0 root 1181 0.0 0.0 80592 3712 ? Ssl 16:15 0:00 /usr/bin/qemu-ga --method=virtio-serial --path=/dev/virtio-ports/org.qemu.guest_agent.0 --blacklist= -F/etc/qemu-ga/fsfreeze-hook
system_u:system_r:rtkit_daemon_t:s0 rtkit 1182 0.0 0.0 21568 3072 ? SNsl 16:15 0:00 /usr/libexec/rtkit-daemon
system_u:system_r:accountsd_t:s0 root 1183 0.0 0.1 531296 7648 ? Ssl 16:15 0:00 /usr/libexec/accounts-daemon
system_u:system_r:unconfined_service_t:s0 root 1185 0.0 0.1 527652 6272 ? Ssl 16:15 0:00 /usr/libexec/switcheroo-control
system_u:system_r:init_t:s0 root 1186 0.1 0.1 16604 7424 ? Ss 16:15 0:00 /usr/lib/systemd/systemd-homed
system_u:system_r:systemd_logind_t:s0 root 1187 0.1 0.2 20432 10368 ? Ss 16:15 0:00 /usr/lib/systemd/systemd-logind
system_u:system_r:systemd_machined_t:s0 root 1188 0.1 0.1 16420 7424 ? Ss 16:15 0:00 /usr/lib/systemd/systemd-machined
system_u:system_r:devicekit_disk_t:s0 root 1189 0.0 0.3 467948 13132 ? Ssl 16:15 0:00 /usr/libexec/udisks2/udisksd
system_u:system_r:devicekit_power_t:s0 root 1193 0.0 0.2 535320 8576 ? Ssl 16:15 0:00 /usr/libexec/upowerd
system_u:system_r:alsa_t:s0 root 1207 0.0 0.0 4572 2816 ? SNs 16:15 0:00 /usr/sbin/alsactl -s -n 19 -c -E ALSA_CONFIG_PATH=/etc/alsa/alsactl.conf --initfile=/lib/alsa/init/00main rdaemon
system_u:system_r:avahi_t:s0 avahi 1208 0.0 0.0 7244 1288 ? S 16:15 0:00 avahi-daemon: chroot helper
system_u:system_r:modemmanager_t:s0 root 1262 0.1 0.2 316524 11960 ? Ssl 16:15 0:00 /usr/sbin/ModemManager
system_u:system_r:firewalld_t:s0 root 1264 0.4 1.0 359424 43524 ? Ssl 16:15 0:00 /usr/bin/python3 -sP /usr/sbin/firewalld --nofork --nopid
system_u:system_r:chronyd_t:s0 chrony 1363 0.0 0.1 85056 4148 ? S 16:15 0:00 /usr/sbin/chronyd -F 2
system_u:system_r:NetworkManager_t:s0 root 1367 0.1 0.4 551536 18864 ? Ssl 16:15 0:00 /usr/sbin/NetworkManager --no-daemon
system_u:system_r:gssproxy_t:s0 root 1400 0.0 0.0 276764 3604 ? Ssl 16:15 0:00 /usr/sbin/gssproxy -D
system_u:system_r:virtqemud_t:s0 root 1416 0.0 0.5 1400864 20540 ? Ssl 16:15 0:00 /usr/sbin/virtqemud --timeout 120
system_u:system_r:xdm_t:s0-s0:c0.c1023 root 1419 0.0 0.2 532492 9088 ? Ssl 16:15 0:00 /usr/sbin/gdm
system_u:system_r:xdm_t:s0-s0:c0.c1023 root 1433 0.0 0.2 466144 11264 ? Sl 16:15 0:00 gdm-session-worker [pam/gdm-autologin]
system_u:system_r:unconfined_service_t:s0 root 1476 0.0 0.1 305740 6400 ? Ssl 16:15 0:00 /usr/libexec/uresourced
system_u:system_r:init_t:s0 liveuser 1504 0.0 0.0 22192 3728 ? S 16:15 0:00 (sd-pam)
unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 liveuser 1531 0.0 0.0 9196 3968 ? Ss 16:15 0:00 /usr/bin/dbus-broker-launch --scope user
unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 liveuser 1535 0.2 0.1 7324 4928 ? S 16:15 0:00 dbus-broker --log 4 --controller 9 --machine-id 7befb37e1b8a4bccba5bcaa6a57e12a5 --max-bytes 100000000000000 --max-fds 25000000000000 --max-matches 5000000000
unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 liveuser 1730 0.0 0.0 9068 3840 ? S 16:16 0:00 /usr/bin/dbus-broker-launch --config-file=/usr/share/defaults/at-spi2/accessibility.conf --scope user
unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 liveuser 1731 0.0 0.0 4980 2816 ? S 16:16 0:00 dbus-broker --log 4 --controller 9 --machine-id 7befb37e1b8a4bccba5bcaa6a57e12a5 --max-bytes 100000000000000 --max-fds 6400000 --max-matches 5000000000
system_u:system_r:colord_t:s0 colord 1733 0.0 0.2 534748 11332 ? Ssl 16:16 0:00 /usr/libexec/colord
system_u:system_r:rpm_t:s0 root 1769 0.0 0.5 557184 23536 ? Ssl 16:16 0:00 /usr/libexec/packagekitd
system_u:system_r:vdagent_t:s0 root 1864 0.2 0.1 157984 4360 ? Ssl 16:16 0:00 /usr/sbin/spice-vdagentd
system_u:system_r:cupsd_t:s0-s0:c0.c1023 root 1899 0.0 0.2 253448 10368 ? Ss 16:16 0:00 /usr/sbin/cupsd -l
system_u:system_r:pcscd_t:s0 root 1943 0.0 0.1 395752 6976 ? Ssl 16:16 0:00 /usr/sbin/pcscd --foreground --auto-exit
unconfined_u:unconfined_r:xserver_t:s0-s0:c0.c1023 liveuser 1990 0.1 1.0 186428 41320 ? S 16:16 0:00 /usr/bin/Xwayland :0 -rootless -noreset -accessx -core -auth /run/user/1000/.mutter-Xwaylandauth.OTYPQ2 -listenfd 4 -listenfd 5 -displayfd 6 -initfd 7 -byteswappedclients -enable-ei-portal
system_u:system_r:sssd_t:s0 root 2096 0.0 0.2 245440 8704 ? Ss 16:16 0:00 /usr/libexec/sssd/sssd_kcm --uid 0 --gid 0 --logger=files
system_u:system_r:geoclue_t:s0 geoclue 2139 0.0 0.3 897828 12472 ? Ssl 16:16 0:00 /usr/libexec/geoclue
system_u:system_r:NetworkManager_t:s0 root 2159 0.0 0.1 14488 5376 ? Ss 16:16 0:00 /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -s
system_u:system_r:systemd_userdbd_t:s0 root 2256 0.0 0.1 16796 6912 ? S 16:16 0:00 systemd-userwork: waiting...
system_u:system_r:systemd_userdbd_t:s0 root 2277 0.0 0.1 16796 6912 ? S 16:16 0:00 systemd-userwork: waiting...
system_u:system_r:abrt_t:s0-s0:c0.c1023 root 2406 0.0 0.3 548608 13056 ? Ssl 16:16 0:00 /usr/sbin/abrt-dbus -t133
system_u:system_r:systemd_userdbd_t:s0 root 2723 0.0 0.1 16524 6656 ? S 16:16 0:00 systemd-userwork: waiting...