I have "security=none" and
stuga% cat /sys/kernel/security/lsm ; echo
lockdown,capability,yama
i.e., "yama" belongs to the unavoidable default collection of Linux Security Modules
https://kernsec.org/wiki/index.php/Projects
Offline
purge uninstall it
dpkg -P apparmor
I got no complaints at all whatsoever.
And copied the apparmor deb off the install media to my /root, so I got it at hand.
I today installed Chimaera minimal and kept apparmor on it and did a refractasnapshot-base live and put xserver-xorg-core on that.
I may have installed libapparmor1 for something, been busy.
Try it.
Offline
One more thing,
I don't have apparmor on my box and it ain't broke at all whatsoever.
I also dpkg --force-all -P elogind libelogind0 libpam-elogind libpolkit-agent-1-0 libpolkit-gobject-1-0 libpolkit-gobject-elogind-1-0 policykit-1 policykit-1-gnome
and then I apt-get download or dpkg -i libsystemd0
and it ain't broke at all whatsoever.
Did it today, Chimaera clean install, updates, security & updates & main, & kernel.
Previously I have played around with a live that I have made with refractasnapshot-base.
So I made a minimal console live, then on that live I put xserver-xorg-core etc which pulls in elogind etc. which I have purged and put libsystemd0 and checked apt-get and no problems at all.
I then put full-fat browser on which pulled in elogind again and I purged it again and browser quite fine.
I'm not saying what I do is correct but if supremely strict apt-get doesn't reply with a headache that's good.
Thank you.
I think apparmor and elogind are in the same barrel.
Offline
I think this is the de facto or only way to do this;
I just done the above and could not startx from user, I forgot,
install xserver-xorg-legacy (provides suid root wrapper;)
then edit
/etc/X11/Xwrapper.config
allowed_users=anybody
needs_root_rights=yes
Offline
I think elogind is better than running X under root.
Doesn't seatd work in Chimaera? I can get a Wayland session under Alpine with just that running. EDIT: with sway anyway.
Last edited by Head_on_a_Stick (2022-11-03 01:01:48)
Brianna Ghey — Rest In Power
Offline
Xwrapper.config running X as user
Offline
So if I use security=none it should only be for SELinux, Smack, Tomoyo, and AppArmor ?
I think they are all kernel "security" modules. That way you can leave out the apparmor=on/off command from the boot line.
I don't know if there are any others.
pic from 1993, new guitar day.
Offline
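Added example, not part of any post in this thread: a POSIX shell check that splits the list from /sys/kernel/security/lsm into the four modules that security= selects between (SELinux, Smack, TOMOYO, AppArmor) and everything else, and lists the LSM-related boot parameters in effect. The function names are made up for this example, and the fallback values are constructed samples modelled on the output in the first post.

```shell
#!/bin/sh
# Added example: audit which Linux Security Modules are active.
# The legacy "major" LSMs are the ones the security= boot parameter chooses between.
LEGACY_MAJOR="selinux smack tomoyo apparmor"

# classify_lsms "lockdown,capability,yama" -> one "name kind" line per module
classify_lsms() {
    printf '%s\n' "$1" | tr ',' '\n' | while read -r name; do
        [ -n "$name" ] || continue
        case " $LEGACY_MAJOR " in
            *" $name "*) kind=major ;;
            *)           kind=other ;;
        esac
        printf '%s %s\n' "$name" "$kind"
    done
}

# active_major "list" -> active legacy major LSMs (space separated), or "none"
active_major() {
    found=$(classify_lsms "$1" | awk '$2 == "major" { print $1 }' | tr '\n' ' ')
    found=${found% }
    printf '%s\n' "${found:-none}"
}

# lsm_boot_params "kernel cmdline" -> the LSM-related parameters, one per line
lsm_boot_params() {
    for word in $1; do
        case "$word" in
            security=*|lsm=*|apparmor=*|selinux=*) printf '%s\n' "$word" ;;
        esac
    done
}

# Use the live system if securityfs is readable, else constructed sample values.
if [ -r /sys/kernel/security/lsm ] && [ -r /proc/cmdline ]; then
    lsm_list=$(cat /sys/kernel/security/lsm)
    cmdline=$(cat /proc/cmdline)
else
    lsm_list="lockdown,capability,yama"             # constructed sample
    cmdline="BOOT_IMAGE=/vmlinuz ro security=none"  # constructed sample
fi

echo "active LSMs:       $lsm_list"
echo "legacy major LSMs: $(active_major "$lsm_list")"
echo "boot parameters:   $(lsm_boot_params "$cmdline" | tr '\n' ' ')"
```

Running it again after a kernel or package upgrade shows whether a major LSM has come back into the active list.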
..
But then you upgrade the kernel and there it is again.
..What I always do is purge apparmor after the upgrade..
A.
What about holding the package; sudo apt-mark hold apparmor
or even pinning it ?
Would the upgrade still go through ?
Offline
Hello:
Altoid wrote:
..
But then you upgrade the kernel and there it is again.
What I always do is purge apparmor after the upgrade..
A.
What about holding the package; sudo apt-mark hold apparmor
or even pinning it ?
Would the upgrade still go through ?
Hmm ...
No idea.
Have not tried it but I don't see (?) why it shouldn't.
Yes, I guess I could pin it.
ie: the same way I do with pulseaudio and see what happens on the next upgrade.
Bear in mind that there are other apparmor related libraries which are/may be needed by other packages.
eg: libapparmor1
~$ aptitude why libapparmor1
i stress-ng Depends libapparmor1 (>= 2.10)
~$
Edit:
It seems that there's more than stress-ng involved with libapparmor1.
~$ aptitude why libapparmor1
i slim Depends dbus
i A dbus Depends libapparmor1 (>= 2.8.94)
~$
---> Very strange all this did not show up on my previous query to aptitude. <---
I have not used stress-ng in years, so I might as well get rid of it and solve the issue.
We'll see how the pinning goes.
Best,
A.
Last edited by Altoid (2023-03-10 21:59:13)
Offline
---> Very strange all this did not show up on my previous query to aptitude. <---
A.
Yeh, I noticed that too, aptitude 'why' seems to only show the first one it finds.
This one is more useful;
apt-cache --installed rdepends dbus
and since a boatload of stuff depends on that list,
aptitude purge libapparmor1 (n) (don't press enter)
suggests about 100 others to remove.
Offline