taraquedo
Posts: 4
Joined: Thu Sep 01, 2011 8:09 am

AppArmor

Sat Sep 28, 2013 9:24 am

Hi,

I installed the newest raspbian on my pi and want to use it as a small server. I think it is a good idea to use AppArmor as a final frontier for intruders/zero-day exploits (among other security concepts), ... I installed it and appended

Code: Select all

apparmor=1 security=apparmor
to my /boot/cmdline.txt and rebooted.

Sadly apparmor_status prints "AppArmor not available in kernel.". So, isn't it possible to activate AppArmor with the standard kernel or have I done something wrong?

Greetings from Germany!

Oakham
Posts: 366
Joined: Tue Aug 20, 2013 9:11 pm

Re: AppArmor

Sat Sep 28, 2013 9:44 am

It appears in the official Debain Packages List http://packages.debian.org/wheezy/apparmor

http://wiki.apparmor.net/index.php/Main_Page

Did you install from the Raspbian Wheezy repositories ?

sudo apt-get update
sudo apt-get upgrade
sudo apt-get apparmor
Searching is easy, most questions have been asked before !

taraquedo
Posts: 4
Joined: Thu Sep 01, 2011 8:09 am

Re: AppArmor

Sat Sep 28, 2013 10:06 am

Hi,

yes I did so. I haven't changed anything to sources.list[.d].

Code: Select all

#apparmor_status --verbose
AppArmor not available in kernel.

#uname -a
Linux rura 3.6.11+ #538 PREEMPT Fri Aug 30 20:42:08 BST 2013 armv6l GNU/Linux

#cat /etc/apt/sources.list
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi

# dpkg --list|grep armor
ii  apparmor                             2.7.103-4+rpi1                armhf        User-space parser utility for AppArmor
ii  apparmor-utils                       2.7.103-4+rpi1                armhf        Utilities for controlling AppArmor
ii  libapparmor-perl                     2.7.103-4+rpi1                armhf        AppArmor library Perl bindings
ii  libapparmor1                         2.7.103-4+rpi1                armhf        changehat AppArmor library

#cat /boot/cmdline.txt 
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline init=/lib/systemd/systemd rootwait apparmor=1 security=apparmor

I suppose it has something to do with the kernel-config at compile time. One have to activate some CONFIG_* flags to AppArmor to work for sure. I don't know which parameters and I don't know where to get the raspbian kernel .config file to check if these are set. I don't want to build my own kernel anyhow.

No idea where to look any further.

Return to “Troubleshooting”