Bug #3614
error starting apparmor
Status:
unconfirmed
Priority:
bug
Assignee:
% Done:
0%
Description
I tried to start AppArmor on linux-libre-hardened, linux-libre, linux-libre-lts and linux-libre-zen with openrc but it fails with that error:
[user@parabola ~]$ sudo rc-service apparmor start doas (user@parabola) password: * Starting AppArmor ... * Loading AppArmor profiles ... Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) Warning: unable to find a suitable fs in /proc/mounts, is it mounted? Use --subdomainfs to override. * At least one profile failed to load [ !! ]
History
Updated by bill-auger about 1 month ago
- Assignee set to Megver83
- Status changed from open to unconfirmed
- Description updated (diff)
- Subject changed from No kernel with apparmor support in repos to error starting apparmor
- Tracker changed from Packaging Request to Bug
apparmor appears to be enabled in all of parabola's x86_64 and i686 kernels - those error messages are also suggesting that the kernel supports apparmorm but that something is mis-configured
linux-libre/armv7h: CONFIG_AUDIT=y CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" linux-libre/i686: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" linux-libre/x86_64: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" linux-libre-hardened/x86_64: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" linux-libre-lts/armv7h: CONFIG_AUDIT=y CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" linux-libre-lts/i686: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" linux-libre-lts/x86_64: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" linux-libre-vanilla/armv7h: CONFIG_AUDIT=y CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" linux-libre-vanilla/i686: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" linux-libre-vanilla/x86_64: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" linux-libre-zen/armv7h: CONFIG_AUDIT=y CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" linux-libre-zen/i686: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" linux-libre-zen/x86_64: CONFIG_AUDIT=y CONFIG_SECURITY_APPARMOR=y CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"
Updated by CtIa about 1 month ago
I understand the problem: there is no apparmor lsm enabled by default as in arm kernels, so it need to be enabled manually, then everything works.