• How-to install&run AppArmor without compiling a new kernel


    Ok, so I am trying to install and run AppArmor on my Antergos system.

    When I follow the Arch-AppArmor wiki and install the AppArmor package I am supposed to test whether it is working via:

    cat /sys/module/apparmor/parameters/enabled
    

    Apparently there are 3 possible outcomes:

    Y — enabled, N — disabled, no such file — module not in kernel.

    Not surprisingly I am getting the no such file message. I have checked whether the file might simply be in a different location but it appears not.

    Yet, from what I am finding online the AppArmor kernel module should be part of the regular Arch Linux kernel?

    The real question is: will I be able to install AppArmor on my Antergos system without having to compile a completely new kernel for it?

  • @exploring_ant said in How-to install&run AppArmor without compiling a new kernel:

    the AppArmor kernel module should be part of the regular Arch Linux kernel

    No! As the ArchWiki says in the first step:
    Installation
    Kernel:
    Install either linux-hardened (4.17.4 or later) or linux-apparmor.
    A third option is to compile a #Custom kernel.

    So you will need to install one of these kernels, and change the boot order to boot with the right kernel.
    And all the other steps the wiki gives you… it is not just install something and it runs; you will need to configure the boot process to do so.

    @exploring_ant said in How-to install&run AppArmor without compiling a new kernel:

    install the AppArmor package

    What exactly do you install here?

  • @joekamprad

    Thanks for your response! So, I was able to install linux-hardened and set the necessary kernel boot-options for AppArmor. apparmor_status now reports that it is loaded. So success!

    However, one more problem popped up. Not sure if I should start a new thread for it?

    Maybe it’s an easy answer… during the startup process I now get an error message saying:

    [FAILED] Failed to start Load Kernel Modules.
    

    I’ve googled and am pretty sure it is due to the installed linux-headers not matching my now hardened kernel. Yet when I run:

    sudo pacman -S linux-headers-$(uname -r)
    

    I get:

    error: target not found: linux-headers-4.17.15.a-1-hardened
    

    Updating my repositories did not work.

    Any quick fix for it maybe? If no, simply say no and I will mark this thread as solved and open up a new one.

    Thnx!

  • sudo pacman -S linux-hardened-headers
    

    would do the trick then ;)

  • @joekamprad

    That worked!

    Yet, unfortunately that did not do the trick to resolve the error. This question however is solved, so I will mark it as such.

    I’ve posted the follow-up question here.

    Thnx!

  • Wrong link for new topic, keep getting error on editing it:

    Follow-up question posted here.
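
The three-outcome check from the first post, combined with the boot-option step mentioned later in the thread, as an added example that is not part of the original posts. The `apparmor=1` kernel parameter, the overridable file paths and the state names are assumptions of this sketch and are not stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify the AppArmor state of a system.
# Both paths can be overridden so the logic can be exercised offline.

has_boot_param() {
    # $1: kernel command line file, $2: exact token to look for
    [ -r "$1" ] || return 1
    tr -s '[:space:]' '\n' < "$1" | grep -qxF -- "$2"
}

apparmor_state() {
    enabled_file=${1:-/sys/module/apparmor/parameters/enabled}
    cmdline_file=${2:-/proc/cmdline}

    # "no such file": the module is not in the running kernel,
    # so a kernel that ships AppArmor has to be installed and booted first.
    if [ ! -e "$enabled_file" ]; then
        echo "not-in-kernel"
        return 0
    fi

    flag=$(tr -d '[:space:]' < "$enabled_file" 2>/dev/null) || flag=""
    case $flag in
        Y) echo "enabled" ;;
        N)
            # Assumption: apparmor=1 is the boot parameter that switches it on.
            if has_boot_param "$cmdline_file" "apparmor=1"; then
                echo "disabled-despite-boot-param"
            else
                echo "disabled-missing-boot-param"
            fi
            ;;
        *) echo "unknown" ;;
    esac
}

# Report on the running system.
apparmor_state
```
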
