Author Topic: AppArmor is not working.  (Read 8743 times)

HodLuM

  • Newbie
  • *
  • Posts: 17
    • View Profile
on: August 01, 2013, 12:44:21 PM
I uninstalled AppArmor a few days ago and installed SELinux, but I uninstalled SELinux because I didn't like it, then I decided to go back to AppArmor.


I did "sudo apt-get apparmor" and it was working, now when I do "sudo apparmor_status"

it gives me this:

bb@box:~$ sudo apparmor_status
apparmor module is loaded.
apparmor filesystem is not mounted.
bb@box:~$


How do I fix this?



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Reply #1 on: August 01, 2013, 06:13:00 PM
I did "sudo apt-get apparmor" and it was working,
??really??

Quote
now when I do "sudo apparmor_status" it gives me this:

bb@box:~$ sudo apparmor_status
apparmor module is loaded.
apparmor filesystem is not mounted.
bb@box:~$

How do I fix this?
do you know what are you doing? look at this output
Code: [Select]
mount | grep securityfs I guess that you didn't mount securityfs, so, if you are sure that you need some apparmor profile enabled you should mount with this:
Code: [Select]
mount securityfs -t securityfs /sys/kernel/security btw, I told you few days ago, do you really need this enforcement?

una voce libera รจ sempre liberatrice
under_r00t


HodLuM

  • Newbie
  • *
  • Posts: 17
    • View Profile
Reply #2 on: August 01, 2013, 09:06:31 PM
weVeg, your solution is useless.

I have finally solved this problem, AppArmor is all healthy and working without no problems again!

/proc/cmdline contained:
BOOT_IMAGE=/boot/vmlinuz-3.2.0-4-686-pae
root=UUID=26ada0c0-1165-4098-884d-aafd2220c2c6 ro

Adding "apparmor=1 security=apparmor" to GRUB_CMDLINE_LINUX_DEFAULT in
/etc/default/grub and running "sudo update-grub" and "sudo reboot" fixed this issue.

another fix of this problem is:

$ sudo perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX=" $1 apparmor=1 security=apparmor",' /etc/default/grub
$ sudo update-grub
$ sudo reboot


P.S: mounting /sys/kernel/security seemed pretty suspicious as one can say, and that had nothing to do with AppArmor's disablement as the main module itself wasn't working. It had something to do with the GRUB configurations.

(weVeg, stop googling every question :p)



ostendali

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 580
    • View Profile
Reply #3 on: August 02, 2013, 11:06:18 AM
weVeg, your solution is useless.

I have finally solved this problem, AppArmor is all healthy and working without no problems again!

/proc/cmdline contained:
BOOT_IMAGE=/boot/vmlinuz-3.2.0-4-686-pae
root=UUID=26ada0c0-1165-4098-884d-aafd2220c2c6 ro

Adding "apparmor=1 security=apparmor" to GRUB_CMDLINE_LINUX_DEFAULT in
/etc/default/grub and running "sudo update-grub" and "sudo reboot" fixed this issue.

another fix of this problem is:

$ sudo perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX=" $1 apparmor=1 security=apparmor",' /etc/default/grub
$ sudo update-grub
$ sudo reboot


P.S: mounting /sys/kernel/security seemed pretty suspicious as one can say, and that had nothing to do with AppArmor's disablement as the main module itself wasn't working. It had something to do with the GRUB configurations.

(weVeg, stop googling every question :p)
you can't say straight forward that weVeg's solution is useless as you did exactly what he said.
I am pretty confident that you don't have much idea about what you are doing do you?

weVeg told you to mount the filesystem and that is what exactly you did by adding the mount of security filesystem to grub, which whill be mounted as soon as you reboot the box.

So as far as I can see there are no problems and no fixed issues here, you just had the fs not mounted and you did mounted later.

That is all.

Enjoy and please use better language the next time when you reply to somebody;-)