Ok, so the original goal was to get apparmor running on my Antergos system, as per this post.
To achieve this I needed to install a kernel that had the appropriate modules needed to run apparmor.
To achieve this I installed Linux hardened kernel via pacman using:
sudo pacman -S linux-hardened linux-hardened-headers
Then I selected the hardened kernel at boot, and I added the necessary boot parameters.
Once the system is up and running, apparmor indeed appears to be running. However, during the system startup process I am now confronted with:
[FAILED] Failed to start Load Kernel Modules.
Having searched around online I think the main issue is the discrepancy that has formed between:
uname -a
Linux AntWorld 4.17.15.a-1-hardened
pacman -Q linux
linux 4.17.14.arch1-1
On the arch forum I came across a post by someone facing a similar problem when installing linux-lts kernel on arch.
Someone answering the question said:
Probably your boot partition was not mounted when you did the upgrade of the kernel. Mount the boot partition on /boot and reinstall the linux package. Fix your /etc/fstab to ensure it is mounted for future updates. Unmount the boot partition and look in /boot; there are probably a kernel file and an initrd file in there that do not belong. Unless you are not using a boot partition, the /boot directory, when not used as a mount point, should be empty. Updating the kernel with nothing mounted on /boot causes the files to appear.
My questions now are:
Mount the boot partition on /boot and reinstall the linux package. --> Does that mean I need to startup, select the regular kernel in the grub menu and then apply
sudo pacman -Rns linux-hardened linux-hardened-headers, then manually mount the boot partition, and then install the packages again? (NOTE: I have activated full-disk-encryption during Antergos installation, does that change the ways in which I am (un-)able to mount the boot partition in any way?)
Fix your /etc/fstab to ensure it is mounted for future updates -> Mine currently reads:
UUID=98dc5531-3348-4adf-8b64-c27db3f02012 /boot ext4 defaults,relatime,data=ord$
UUID=ba501b15-3a41-404b-8b5b-670a3a03372c / ext4 defaults,relatime,data=ordered$
UUID=ccd878da-d45e-4a68-8cc9-1a2f61f4ccc2 /home ext4 defaults,relatime,data=ord$
UUID=4760b469-17a6-4c21-abc7-e18fedc3f2b7 swap swap defaults 0 0
yet I am not quite sure how I should update it to ensure mounting of the boot partition?
Unmount the boot partition and look in /boot; there are probably a kernel file and an initrd file in there that do not belong. Unless you are not using a boot partition, the /boot directory, when not used as a mount point, should be empty. -> When I apply
/boot I currently get:
drwxr-xr-x 5 root root 1024 Aug 16 18:55 .
drwxr-xr-x 17 root root 4096 Apr 14 09:18 ..
drwxr-xr-x 6 root root 1024 Aug 18 10:33 grub
-rw-r--r-- 1 root root 36946612 Aug 16 18:57 initramfs-linux-fallback.img
-rw-r--r-- 1 root root 36937914 Aug 16 18:57 initramfs-linux-hardened-fallback.img
-rw-r--r-- 1 root root 16981351 Aug 16 18:57 initramfs-linux-hardened.img
-rw-r--r-- 1 root root 16966319 Aug 16 18:57 initramfs-linux.img
-rw-r--r-- 1 root root 1747456 Aug 8 09:47 intel-ucode.img
drwx------ 2 root root 12288 Dec 7 2017 lost+found
drwxr-xr-x 2 root root 1024 Aug 9 20:48 syslinux
-rw-r--r-- 1 root root 5330896 Aug 9 13:56 vmlinuz-linux
-rw-r--r-- 1 root root 5380048 Aug 15 18:41 vmlinuz-linux-hardened
Does "Unless you are not using a boot partition, the /boot directory, when not used as a mount point, should be empty." mean that after properly installing the kernel I could remove all these files & directories?
Thanks for your response! So, I was able to install linux-hardened and set the necessary kernel boot-options for Apparmor.
apparmor_status now reports that it is loaded. So success!
However, one more problem popped up. Not sure if I should start a new thread for it?
Maybe it’s an easy answer… during the startup process I now get an error message saying:
[FAILED] Failed to start Load Kernel Modules.
I’ve googled and am pretty sure it is due to the installed linux-headers not matching my now hardened kernel. Yet when I run:
sudo pacman -S linux-headers-$(uname -r)
error: target not found: linux-headers-4.17.15.a-1-hardened
Updating my repositories did not work.
Any quick fix for it maybe? If no, simply say no and I will mark this thread as solved and open up a new one.
Ok, so I am trying to install and run AppArmor on my Antergos system.
When I follow the Arch-AppArmor wiki and install the AppArmor package I am supposed to test whether it is working via:
Apparently there are 3 possible outcomes:
Y — enabled, N — disabled, no such file — module not in kernel.
Not surprisingly I am getting the no such file message. I have checked whether the file might simply be in a different location but it appears not.
Yet, from what I am finding online the AppArmor kernel module should be part of the regular Arch linux kernel?
The real question is: will I be able to install AppArmor on my Antergos system without having to compile a completely new kernel for it?
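The checks this thread circles around (is there a module tree for the running kernel release, is anything mounted on /boot, and which of the three AppArmor outcomes applies) gathered into one script. This is an added example, not part of the original posts: the function names and the sample tree are constructed for illustration, and /sys/module/apparmor/parameters/enabled is assumed to be the kernel parameter file behind the Y / N / no such file test.

```shell
#!/bin/sh
# Added example. ROOT is a path prefix so the same checks run on the live
# system (ROOT="") or on a constructed tree; function names are hypothetical.

# 0 if the module tree for kernel release $2 exists under root $1.
modules_present() { [ -d "$1/usr/lib/modules/$2" ]; }

# 0 if the mount table file $1 (/proc/mounts format) has an entry for /boot.
boot_is_mounted() {
    awk '$2 == "/boot" { found = 1 } END { exit !found }' "$1"
}

# Map the AppArmor "enabled" parameter under root $1 to the three outcomes.
apparmor_state() {
    f="$1/sys/module/apparmor/parameters/enabled"
    [ -r "$f" ] || { echo "not-in-kernel"; return 0; }
    case "$(cat "$f")" in
        Y) echo "enabled" ;;
        N) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# One-line summary: kernel_report ROOT RELEASE MOUNTS_FILE
kernel_report() {
    m=missing; b=not-mounted
    modules_present "$1" "$2" && m=present
    boot_is_mounted "$3" && b=mounted
    echo "release=$2 modules=$m boot=$b apparmor=$(apparmor_state "$1")"
}

# Constructed sample tree: modules installed for one release only,
# /boot mounted, AppArmor parameter reading Y.
build_sample_tree() {
    mkdir -p "$1/usr/lib/modules/4.17.15.a-1-hardened" \
             "$1/sys/module/apparmor/parameters" "$1/proc"
    echo Y > "$1/sys/module/apparmor/parameters/enabled"
    printf '%s\n' '/dev/sda1 /boot ext4 rw,relatime 0 0' \
                  '/dev/mapper/root / ext4 rw,relatime 0 0' > "$1/proc/mounts"
}

# Live use: CHECK_LIVE=1 sh thisfile
if [ "${CHECK_LIVE:-0}" = 1 ]; then
    kernel_report "" "$(uname -r)" /proc/mounts
fi
```

A `modules=missing` result for the running release means systemd-modules-load has nothing to load from, which is worth ruling out before reinstalling any packages.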