Thanks for the help, Tyler. The manual mount worked perfectly; I'll work on getting it into the boot process, or perhaps work on porting systemd.

________________________________
From: Tyler Hicks <[email protected]>
Sent: Wednesday, October 30, 2019 1:01 PM
To: Justin Dick <[email protected]>
Cc: [email protected] <[email protected]>
Subject: [EXTERNAL] Re: [apparmor] Missing /sys/kernel/security/apparmor

On 2019-10-29 22:28:42, Justin Dick wrote:
> Hello all -
>
> I'm trying to enable snapd on an embedded device, and looking into getting
> apparmor support sorted out. I'm working with kernel 3.10 and AFAIK have
> everything set up properly in the config. After boot,
> /sys/module/apparmor/parameters/enabled is 'Y', but /sys/kernel/security/ is
> completely empty. I've tried booting with no explicit flags set in the kernel
> boot parameters (relying on the kernel config defaults), and with setting
> "security=apparmor apparmor=1". Nothing seems to help.
>
> Any ideas from anyone? I'm pasting the relevant entries in /proc/config.gz
> below.

You must mount securityfs as part of the boot process. You can do this
manually to verify that it works:

  $ sudo mount -t securityfs securityfs /sys/kernel/security

If that works, you'll need to determine how to best make that happen in
early boot of your embedded device.

Tyler

>
> Thanks, all!
> Justin
>
> -sh-3.2# cat /proc/config.gz | gzip -d | grep SECURITY
> CONFIG_EXT4_FS_SECURITY=y
> # CONFIG_SECURITY_DMESG_RESTRICT is not set
> CONFIG_SECURITY=y
> CONFIG_SECURITYFS=y
> CONFIG_SECURITY_NETWORK=y
> # CONFIG_SECURITY_NETWORK_XFRM is not set
> CONFIG_SECURITY_PATH=y
> # CONFIG_SECURITY_SELINUX is not set
> # CONFIG_SECURITY_SMACK is not set
> # CONFIG_SECURITY_TOMOYO is not set
> CONFIG_SECURITY_APPARMOR=y
> CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
> # CONFIG_SECURITY_YAMA is not set
> CONFIG_DEFAULT_SECURITY_APPARMOR=y
> # CONFIG_DEFAULT_SECURITY_DAC is not set
> CONFIG_DEFAULT_SECURITY="apparmor"
> -sh-3.2# ls /sys/kernel/security/
> -sh-3.2# cat /sys/module/apparmor/parameters/enabled
> Y
>
> --
> AppArmor mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
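
One way to do the early-boot step discussed in this thread on a system without systemd, as an added example that is not part of the original messages. The function names `securityfs_state` and `ensure_securityfs` are hypothetical; the files read are the standard `/proc/filesystems` and `/proc/mounts`.

```shell
#!/bin/sh
# Added example: early-boot check for the securityfs mount that AppArmor's
# /sys/kernel/security/apparmor interface depends on.
# File paths are parameters so the logic can be run against constructed files.

SECURITYFS_DIR=/sys/kernel/security

# securityfs_state FILESYSTEMS MOUNTS
# Prints one of: unsupported | unmounted | mounted
securityfs_state() {
    filesystems=$1   # normally /proc/filesystems
    mounts=$2        # normally /proc/mounts

    # /proc/filesystems lists "nodev<TAB>securityfs" when CONFIG_SECURITYFS=y.
    if ! awk '$NF == "securityfs" { found = 1 } END { exit !found }' \
            "$filesystems"; then
        echo unsupported
        return 0
    fi

    # /proc/mounts fields: device mountpoint fstype options dump pass
    if awk -v dir="$SECURITYFS_DIR" \
            '$2 == dir && $3 == "securityfs" { found = 1 } END { exit !found }' \
            "$mounts"; then
        echo mounted
    else
        echo unmounted
    fi
}

# ensure_securityfs: mount securityfs when the kernel supports it and it is
# not mounted yet. Needs root; call it from the init script before any
# AppArmor profiles are loaded.
ensure_securityfs() {
    case "$(securityfs_state /proc/filesystems /proc/mounts)" in
        mounted)     return 0 ;;
        unmounted)   mount -t securityfs securityfs "$SECURITYFS_DIR" ;;
        unsupported) echo "kernel lacks securityfs (CONFIG_SECURITYFS)" >&2
                     return 1 ;;
    esac
}
```

The `unmounted` state matches what the thread shows: `CONFIG_SECURITYFS=y` and `enabled` reading `Y`, with `/sys/kernel/security/` empty.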
