Project

General

Profile

Bug #3614

error starting apparmor

CtIa - about 1 month ago - . Updated about 1 month ago.

Status:
unconfirmed
Priority:
bug
Assignee:
Megver83
% Done:

0%

Description

I tried to start AppArmor on linux-libre-hardened, linux-libre, linux-libre-lts and linux-libre-zen with openrc but it fails with that error:


[user@parabola ~]$ sudo rc-service apparmor start

doas (user@parabola) password: 

 * Starting AppArmor ...

 *   Loading AppArmor profiles ...

Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)

Warning: unable to find a suitable fs in /proc/mounts, is it mounted?

Use --subdomainfs to override.

 *   At least one profile failed to load                                                                                                                                                [ !! ]

History

#1

Updated by bill-auger about 1 month ago

  • Assignee set to Megver83
  • Status changed from open to unconfirmed
  • Description updated (diff)
  • Subject changed from No kernel with apparmor support in repos to error starting apparmor
  • Tracker changed from Packaging Request to Bug

apparmor appears to be enabled in all of parabola's x86_64 and i686 kernels - those error messages are also suggesting that the kernel supports apparmorm but that something is mis-configured

linux-libre/armv7h:
CONFIG_AUDIT=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" 

linux-libre/i686:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" 

linux-libre/x86_64:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" 

linux-libre-hardened/x86_64:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" 

linux-libre-lts/armv7h:
CONFIG_AUDIT=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" 

linux-libre-lts/i686:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" 

linux-libre-lts/x86_64:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" 

linux-libre-vanilla/armv7h:
CONFIG_AUDIT=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" 

linux-libre-vanilla/i686:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" 

linux-libre-vanilla/x86_64:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" 

linux-libre-zen/armv7h:
CONFIG_AUDIT=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" 

linux-libre-zen/i686:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" 

linux-libre-zen/x86_64:
CONFIG_AUDIT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"
#2

Updated by bill-auger about 1 month ago

  • File deleted (error.txt)
#3

Updated by CtIa about 1 month ago

I understand the problem: there is no apparmor lsm enabled by default as in arm kernels, so it need to be enabled manually, then everything works.

Also available in: Atom PDF