Jump to content

Recommended Posts

Posted

I tried to used AppArmor under the Linux cubietruck 4.4.1-sunxi #10 SMP Wed Feb 17 17:57:20 CET 2016 armv7l GNU/Linux.

But I get a kernel panic after i rebooted the system.

 

Some questions:

 

1. Did you integrate AppArmor into the kernel?

2. Did you use an alternative mandatory access control?

3. Need I an additional kernel argument in the /boot/boot.cmd other than these "apparmor=1 security=apparmor"?

4. Is there a major diffenrece between your kernel and that from danad.de?

 

Unluckily I was not capable of getting a dump from the kernel panic. If you need it, I would take a photo.

Posted

Links above seem dead. I tried to get Apparmor to run in a Nanopi Neo 2 (18.04.1 LTS 4.19.13-sunxi64) as:

apt install apparmor
echo "extraargs=apparmor=1 security=apparmor" >> /boot/armbianEnv.txt
update-initramfs -u
reboot

However after the reboot I still get:

root@nanopineo2:~# service apparmor status
● apparmor.service - AppArmor initialization
   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
Condition: start condition failed at Sat 2019-01-26 16:10:54 UTC; 4min 55s ago
           └─ ConditionSecurity=apparmor was not met
     Docs: man:apparmor(7)
           http://wiki.apparmor.net/

I'm not much versed in this, do I need to compile a new kernel to enable AppArmor or, in theory my changes were enough?

 

Thank you.

Posted
8 minutes ago, TCB13 said:

do I need to compile a new kernel to enable AppArmor

Probably ...

To confirm, check it by doing "grep APPARMOR /boot/config-*" .

Posted
1 hour ago, martinayotte said:

Probably ...

To confirm, check it by doing "grep APPARMOR /boot/config-*" .

 

Thanks for the answer, here is the result:

root@nanopineo2:~# grep APPARMOR /boot/config-*
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_APPARMOR_DEBUG is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set

 

CONFIG_SECURITY_APPARMOR is set to  y.  Shouldn't it work out of the box with my changes to /boot/armbianEnv.txt ? 

 

Posted

@martinayotte I decided to switch to the Debian kernel and the exact same config worked right after a reboot. Although Ubuntu is the OS that brags about using Apparmor by default looks like on ARM Debian works much better.

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines