[apparmor] Apparmor with initramfs mode
John Johansen
john.johansen at canonical.com
Tue Jul 1 15:33:05 UTC 2014
On 07/01/2014 05:23 AM, Francois Bussery wrote:
> Thanks a lot for this reply.
> In fact, I can confirm that apparmor works fine when booting from
> initramfs. I have no problem with profiles I write manually.
> All the rules are working fine for all mount points except the rootfs.
> (Ex: /sys, /proc, /mnt/xxx,…)
> Unfortunately, for the files inside the initramfs, they're not caught by
> apparmor. It seems that the problem is that they're not considered as
> "mediated filesystem"
> The pb seems to be related to the flag MS_NOUSER that is set in initramfs.
>
Ah yes, correct, currently apparmor won't mediate the initramfs itself.