[apparmor] 2.5.1 build failure on Arch

andrew thomas atswartz at gmail.com
Tue Oct 19 22:38:03 BST 2010 

  On 10/19/2010 03:47 PM, John Johansen wrote:
> On 10/19/2010 01:24 PM, andrew thomas wrote:
> <  snip>
>
>>>
>> Thanks for your reply John,
>> The weird thing is that I am using the same .config file to build my kernels on ubuntu, debian&  arch and apparmor works just fine on the first two.  Here is the security section.
>>
> okay definitely strange.  Let me get this straight, you build the same kernel on ubuntu, debian, and arch, and it works on ubuntu, and debian but not arch?
>
Yes.
> Does /sys/kernel/security exist in the arch kernel?
Yes, just empty.
> What of /sys/module/apparmor/parameters/  ?
> if it does exist, what is the output of
>    cat /sys/module/apparmor/parameters/enabled
>
>
# cat /sys/module/apparmor/parameters/enabled
Y

>>      #
>>      # Security options
>>      #
>>      CONFIG_KEYS=y
>>      # CONFIG_KEYS_DEBUG_PROC_KEYS is not set
>>      CONFIG_SECURITY=y
>>      CONFIG_SECURITYFS=y
>>      CONFIG_SECURITY_NETWORK=y
>>      # CONFIG_SECURITY_NETWORK_XFRM is not set
>>      CONFIG_SECURITY_PATH=y
>>      # CONFIG_SECURITY_SELINUX is not set
>>      # CONFIG_SECURITY_SMACK is not set
>>      # CONFIG_SECURITY_TOMOYO is not set
>>      CONFIG_SECURITY_APPARMOR=y
>>      CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
>>      CONFIG_SECURITY_APPARMOR_COMPAT_24=y
>>      # CONFIG_SECURITY_YAMA is not set
>>      # CONFIG_IMA is not set
>>      CONFIG_DEFAULT_SECURITY_APPARMOR=y
>>      # CONFIG_DEFAULT_SECURITY_DAC is not set
>>      CONFIG_DEFAULT_SECURITY="apparmor"
>>      CONFIG_CRYPTO=y
>>
>> I am getting the source from git://kernel.ubuntu.com/ubuntu/ubuntu-natty.git  and
>>
>>      patch -p1 -R<  ../apparmorB.patch
>>      patch -p1 -R<  ../apparmorA.patch
>>      git fetch
>>      git reset --hard origin/master
>>      patch -p1<  ../apparmorA.patch
>>      patch -p1<  ../apparmorB.patch
>>
>> removing and reapplying the patches when I update because they rebase against Linus' tree. The two patches are the patches that I posted on pastebin in my last post.  What could be different about Arch that would make the kernels not work right?
> That should work.  So if I install arch linux and pull ubuntu-natty.git and apply the patches and build under arch with your attached config, that would replicate what is failing for you correct?
>
That is correct.

Thanks again for all your help.  I just checked a a vanilla git kernel 
from 
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git and 
it did the same.

More information about the AppArmor mailing list