paiku
Posts: 16
Joined: Tue Jun 25, 2019 10:34 pm

apparmor on Raspbian

Fri Nov 22, 2019 4:31 pm

Is apparmor enabled on Raspbian by default like Debian 10 (buster)? Are some special instructions needed to enable it properly for Raspbian, is it even recommended to use on a Pi? (my Pi is a 3B+)

User avatar
Pulsar33
Posts: 174
Joined: Sun Aug 25, 2019 4:06 pm
Location: Bordeaux France

Re: apparmor on Raspbian

Fri Nov 22, 2019 4:53 pm

Hello,
Apparmor was (is) not loaded by the kernel. I made a report : https://github.com/raspberrypi/linux/issues/3196
This one (3196) was closed because an old thread (1698) was open about that problem.
That thread (1698) has been relaunched, the work has been done and tested, then proposed for merging.
You can say there that your are also waiting for this : https://github.com/raspberrypi/linux/pull/1698

In the meantime, you have to recompile the kernel if you want to use apparmor. Read mainly this message
Best regards
Pulsar33
Last edited by Pulsar33 on Fri Nov 22, 2019 5:43 pm, edited 1 time in total.
Pi 4 with 4Gb memory, DVB TV pHAT ------------------- Desktop : Core i5 Linux MINT 19.3

paiku
Posts: 16
Joined: Tue Jun 25, 2019 10:34 pm

Re: apparmor on Raspbian

Fri Nov 22, 2019 5:40 pm

This is very informative, thank you. ^^ I'm not that technically adept either, but having any kind of tool to passively (and reliably?) keep my system from being easier to exploit, the better.

I'll keep an eye on that github thread, it would be interesting to get other benchmarks from earlier Pi models as well. At minimum, the stronger processor on the new Pi 4 would benefit from integrating apparmor by default in the kernel.

Return to “Raspberry Pi OS”