
I've compiled a kernel (linux-libre-xtreme) with this configuration; it has most LSMs enabled: YAMA, SMACK, AppArmor, TOMOYO and SELinux. However, when I start the apparmor service with OpenRC, I get:

# rc-service apparmor start
 * Stopping AppArmor ...
 *   Unloading AppArmor profiles
 *   Root privileges not available                                                                                                                                [ !! ]
 * Starting AppArmor ...
 *   Loading AppArmor profiles ...
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.
 *   /etc/apparmor.d/usr.bin.apache2 failed to load
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.

Other profiles also complain. However, this doesn't happen with another kernel that I've compiled (linux-libre-lts-apparmor; see its configuration here).

What am I doing wrong? If I do cat /sys/module/apparmor/parameters/enabled with the linux-libre-xtreme kernel, I get N, but with linux-libre-lts-apparmor, it says Y, so I know it's not something with kernel parameters from the bootloader.

1 Answer

Solved by disabling CONFIG_DEFAULT_SECURITY_DAC=y; there has to be only one CONFIG_DEFAULT_SECURITY_* enabled, it seems.

EDIT: I also discovered that, for AppArmor to be enabled by default when booting, SECURITY_APPARMOR_BOOTPARAM_VALUE must be set to "1", like this: CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
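
A check for the two settings named in the answer above, as an added example that is not part of the original post: it reads a kernel .config and verifies that exactly one CONFIG_DEFAULT_SECURITY_* symbol is set to y and that CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1. The function name and the sample config are constructed for illustration, and the check assumes AppArmor (CONFIG_DEFAULT_SECURITY_APPARMOR) is the LSM meant to be the default.

```shell
#!/bin/sh
# Added example: checks a kernel .config for the settings discussed above.
# Returns 0 if AppArmor is the single default LSM and on at boot, 1 if not,
# 2 if the file cannot be read.
check_apparmor_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # CONFIG_DEFAULT_SECURITY_* symbols set to y; "# ... is not set" lines
    # do not match because of the ^ anchor.
    defaults=$(grep -E '^CONFIG_DEFAULT_SECURITY_[A-Z0-9_]+=y$' "$cfg" | cut -d= -f1)
    count=$(printf '%s\n' "$defaults" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "FAIL: $count CONFIG_DEFAULT_SECURITY_* symbols set to y:" $defaults
        rc=1
    # Assumption: AppArmor is the LSM meant to be the default.
    elif [ "$defaults" != "CONFIG_DEFAULT_SECURITY_APPARMOR" ]; then
        echo "FAIL: default LSM is $defaults, not AppArmor"
        rc=1
    fi

    # AppArmor must be built in and enabled at boot without a boot parameter.
    for want in CONFIG_SECURITY_APPARMOR=y \
                CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1; do
        if ! grep -qxF "$want" "$cfg"; then
            echo "FAIL: missing $want"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: AppArmor is the default LSM and enabled at boot"
    return "$rc"
}

# Constructed sample: two defaults selected and the boot value left at 0.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY_DAC=y
EOF
check_apparmor_config "$demo_cfg" || true
rm -f "$demo_cfg"
```

On the running kernel, `cat /sys/module/apparmor/parameters/enabled` (the check used in the question) should then print Y.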
