[apparmor] Can't use aa on 3.8.6 kernel!

John Johansen john.johansen at canonical.com
Tue Apr 9 09:33:24 UTC 2013


On 04/09/2013 01:58 AM, Aaron Lewis wrote:
> Hi John!
> 
> On 01:38 Tue 09 Apr     , John Johansen wrote:
>> On 04/08/2013 10:57 PM, Aaron Lewis wrote:
>>> Hi,
>>>
>>> I'm running Arch with the 3.8.6 kernel, and I got it patched with 2.8.1 releases.
>>>
>>> But aa-status got errors,
>>>
>>> apparmor module is loaded.
>>> apparmor filesystem is not mounted.
>>>
>>> Any ideas?
>>>
>>> P.S. securityfs is mounted, mount shows:
>>>
>>> securityfs on /sys/kernel/security type securityfs (rw,relatime)
>>>
>> Aaron, what patches are applied? Is this a stock 3.8 kernel?
> 
> The patch set for 3.6, and I modified the code a bit to make the patch
> work (no functionality change)
> 
> The 3.8.6 kernel with grsec patch.
> 
>>
>> What is the value returned from
>>
>> cat /sys/module/apparmor/parameters/enabled
>>
> 
> Says 'N'
> 
> But I have a `security=apparmor` in /proc/cmdline, so that's no longer
> suitable?
> 
No, that should still apply. There are a couple of other configs that could
cause apparmor to not register.

If apparmor is built with the config SECURITY_APPARMOR_BOOTPARAM_VALUE=0
then even if security=apparmor is set, apparmor will be disabled, and can
only be enabled by setting apparmor=1 in the boot loader's kernel cmdline.
So you can try this without even having to rebuild the kernel.

If security= isn't set then the default LSM is used, whatever that is set
to (shouldn't apply in this case).
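
The checks discussed in this thread, combined into one diagnostic. This is an added example, not part of the original message or the AppArmor project's code. The function names and result keywords are hypothetical, the sample cmdline is constructed, and the `--live` mode assumes the kernel config is readable at `/proc/config.gz` or `/boot/config-$(uname -r)`.

```shell
#!/bin/sh
# Added example: why did AppArmor not register? Uses the three inputs from
# the thread: parameters/enabled, the kernel cmdline, and BOOTPARAM_VALUE.

# cmdline_param NAME CMDLINE -> value of the last NAME= token, or empty
cmdline_param() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | tail -n 1
}

# diagnose ENABLED CMDLINE BOOTPARAM_VALUE -> one result keyword
#   ENABLED          contents of /sys/module/apparmor/parameters/enabled
#   BOOTPARAM_VALUE  CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE, empty if unknown
diagnose() {
    enabled=$1 cmdline=$2 bootparam=$3
    sec=$(cmdline_param security "$cmdline")
    aa=$(cmdline_param apparmor "$cmdline")
    if [ "$enabled" = "Y" ]; then echo "enabled"
    elif [ "$aa" = "0" ]; then echo "disabled-by-apparmor=0"
    # No security= on the cmdline: the built-in default LSM decides.
    elif [ -z "$sec" ]; then echo "check-default-lsm"
    elif [ "$sec" != "apparmor" ]; then echo "other-lsm-selected"
    # security=apparmor alone is not enough when BOOTPARAM_VALUE=0.
    elif [ "$aa" != "1" ] && [ "$bootparam" = "0" ]; then echo "add-apparmor=1"
    # Config unreadable: apparmor=1 is still worth trying, no rebuild needed.
    elif [ "$aa" != "1" ] && [ -z "$bootparam" ]; then echo "try-apparmor=1"
    else echo "unexplained"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Read the running system; missing files simply yield empty values.
    enabled=$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null || true)
    cmdline=$(cat /proc/cmdline 2>/dev/null || true)
    bootparam=$( { zcat /proc/config.gz 2>/dev/null ||
                   cat "/boot/config-$(uname -r)" 2>/dev/null; } |
        sed -n 's/^CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=//p')
    diagnose "$enabled" "$cmdline" "$bootparam"
else
    # Constructed input mirroring the thread: enabled reads N and
    # security=apparmor is set; BOOTPARAM_VALUE=0 is assumed.
    diagnose N "root=/dev/sda1 rw security=apparmor" 0
fi
```

A result of `unexplained` means none of the causes named in the reply account for `enabled` reading `N`, so the applied patch set is the next thing to look at.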