The officially official Devuan Forum!


#1 2021-12-27 15:43:48

Altoid
Member
Registered: 2017-05-07
Posts: 1,045  

[SOLVED] Devuan Beowulf: can't get rid of AppArmor

Hello:

I am in the process of building a (light as possible) Beowulf installation on a separate disk in my box.

root@devuan3:~# uname -a
Linux devuan3 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
root@devuan3:~# 

One of the things I do not want running is AppArmor.

I added the bit security=none to the kernel command line and purged it but I still get this in dmesg:

root@devuan3:~# dmesg | grep -i apparmor
[    0.328030] AppArmor: AppArmor initialized
[    0.569017] AppArmor: AppArmor Filesystem Enabled
[    1.257404] AppArmor: AppArmor sha1 policy hashing enabled
root@devuan3:~#

So I looked to see what was going on:

root@devuan3:~# apt list | grep -i installed | grep -i apparmor
--- snip ---
libapparmor1/oldstable,now 2.13.2-10 amd64 [installed,automatic]
root@devuan3:~# 

AppArmor is not installed but it left behind its crap, which seems difficult to get rid of:

root@devuan3:~# apt purge libapparmor1
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 dconf-service : Depends: default-dbus-session-bus but it is not installable or
                          dbus-session-bus
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
root@devuan3:~#

So what is causing this?

root@devuan3:~# aptitude why libapparmor1
i   dbus Depends libapparmor1 (>= 2.8.94)
root@devuan3:~# 

dbus is installed and up to date:

root@devuan3:~# apt install dbus
Reading package lists... Done
Building dependency tree       
Reading state information... Done
dbus is already the newest version (1.12.20-0+deb10u1+devuan1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@devuan3:~# 

And dbus-session-bus can't be installed:

root@devuan3:~# apt install dbus-session-bus
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'dbus-x11' instead of 'dbus-session-bus'
dbus-x11 is already the newest version (1.12.20-0+deb10u1+devuan1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@devuan3:~# 

I have a faint memory of having come across this before but I cannot find it in the forum.

Any ideas?

Thanks in advance,

A.

Offline

#2 2021-12-27 16:59:01

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,326  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

https://wiki.debian.org/AppArmor/HowToU … e_AppArmor

EDIT: the AppArmor lines in dmesg are from the kernel module.

Last edited by Head_on_a_Stick (2021-12-27 17:09:38)


To obtain a root shell use su -. Using just su will result in "command not found" messages.

Offline

#3 2021-12-27 17:32:27

Altoid
Member
Registered: 2017-05-07
Posts: 1,045  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Hello:

Thanks for the link, I'll have a look later on.

Head_on_a_Stick wrote:

EDIT: the AppArmor lines in dmesg are from the kernel module.

My main system is this one and as you can see it is Devuan Beowulf with a backported kernel:

groucho@devuan:~$ uname -a
Linux devuan 5.10.0-0.bpo.3-amd64 #1 SMP Debian 5.10.13-1~bpo10+1 (2021-02-11) x86_64 GNU/Linux
groucho@devuan:~$ 

AppArmor is not installed but like in the OP, libapparmor1 is there:

groucho@devuan:~$ apt list | grep installed | grep -i apparmor
--- snip ---
libapparmor1/oldstable,now 2.13.2-10 amd64 [installed]
groucho@devuan:~$ 

But with this kernel it does not make itself known via dmesg like with the Beowulf kernel.

groucho@devuan:~$ sudo dmesg | grep -i apparmor
groucho@devuan:~$ 

Makes me wonder why ...

Thanks for your input.

Best,

A.

Offline

#4 2021-12-27 17:49:19

Altoid
Member
Registered: 2017-05-07
Posts: 1,045  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Hello:

Altoid wrote:

... faint memory of having come across this before ...

Found it.
It was me bitching about AppArmor earlier this year:

https://dev1galaxy.org/viewtopic.php?id=4329

Now I have to re-check and see if it is really true that security=none disables both tomoyo and AppArmor, making apparmor=0 unnecessary.

Best,

A.

Offline

#5 2021-12-27 21:29:58

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,068  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

dbus-x11 Provides: dbus-session-bus

Offline

#6 2021-12-27 21:53:39

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,326  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Altoid wrote:

dbus-session-bus can't be installed

$ apt info dbus-session-bus
Package: dbus-session-bus
State: not a real package (virtual)
N: Can't select candidate version from package dbus-session-bus as it has no candidate
N: Can't select versions from package 'dbus-session-bus' as it is purely virtual
N: No packages found
$

See also https://www.debian.org/doc/debian-polic … irtual-pkg



Offline

#7 2021-12-28 13:07:37

Altoid
Member
Registered: 2017-05-07
Posts: 1,045  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Hello:

Why is there a dbus dependency on libapparmor1?
I don't understand what is going on.

ascii w/backported kernel installation:

groucho@devuan:~$ aptitude why libapparmor1
i   slim Depends dbus                    
i A dbus Depends libapparmor1 (>= 2.8.94)
groucho@devuan:~$ 

ascii VM:

groucho@dev-pihole:~$ sudo aptitude why libapparmor1
i   dbus-x11 Depends dbus                    
i A dbus     Depends libapparmor1 (>= 2.8.95)
groucho@dev-pihole:~$ 

chimaera VM:

root@chimaera:~# aptitude why libapparmor1
i   dbus Depends libapparmor1 (>= 2.8.94)
root@chimaera:~# 

apparmor is not installed in any of these three Devuan machines.
Yet, from ascii on, there seems to be a constant apparmor infiltration.

This is the apparmor stuff I have in my main installation:

groucho@devuan:~$ uname -a
Linux devuan 5.10.0-0.bpo.3-amd64 #1 SMP Debian 5.10.13-1~bpo10+1 (2021-02-11) x86_64 GNU/Linux
groucho@devuan:~$ 
groucho@devuan:~$ apt list | grep installed | grep -i apparmor
--- snip ---
libapparmor1/oldstable,now 2.13.2-10 amd64 [installed]
groucho@devuan:~$ 
groucho@devuan:~$ locate apparmor
/etc/apparmor.d
/etc/apparmor.d/local
/etc/apparmor.d/usr.sbin.tcpdump
/etc/apparmor.d/local/usr.sbin.tcpdump
/lib/x86_64-linux-gnu/libapparmor.so.1
/lib/x86_64-linux-gnu/libapparmor.so.1.6.0
/usr/share/doc/libapparmor1
/usr/share/doc/libapparmor1/changelog.Debian.gz
/usr/share/doc/libapparmor1/copyright
/usr/share/lintian/overrides/libapparmor1
/usr/src/linux-headers-5.10.0-0.bpo.3-amd64/include/config/default/security/apparmor.h
/usr/src/linux-headers-5.10.0-0.bpo.3-amd64/include/config/security/apparmor
/usr/src/linux-headers-5.10.0-0.bpo.3-amd64/include/config/security/apparmor.h
/usr/src/linux-headers-5.10.0-0.bpo.3-amd64/include/config/security/apparmor/hash
/usr/src/linux-headers-5.10.0-0.bpo.3-amd64/include/config/security/apparmor/hash.h
/usr/src/linux-headers-5.10.0-0.bpo.3-amd64/include/config/security/apparmor/hash/default.h
/var/lib/dpkg/info/libapparmor1:amd64.list
/var/lib/dpkg/info/libapparmor1:amd64.md5sums
/var/lib/dpkg/info/libapparmor1:amd64.shlibs
/var/lib/dpkg/info/libapparmor1:amd64.symbols
/var/lib/dpkg/info/libapparmor1:amd64.triggers
groucho@devuan:~$ 

This is what I have in one of my VMs:

groucho@dev-pihole:~$ uname -a
Linux dev-pihole 4.9.0-17-amd64 #1 SMP Debian 4.9.290-1 (2021-12-12) x86_64 GNU/Linux
groucho@dev-pihole:~$ 
groucho@dev-pihole:~$ apt list | grep installed | grep -i apparmor
--- snip ---
libapparmor1/oldoldstable,now 2.11.0-3+deb9u2 amd64 [installed,automatic]
groucho@dev-pihole:~$ 
groucho@dev-pihole:~$ locate apparmor
/etc/apparmor
/etc/apparmor.d
/etc/apparmor/init
/etc/apparmor/init/network-interface-security
/etc/apparmor/init/network-interface-security/usr.sbin.ntpd
/etc/apparmor.d/local
/etc/apparmor.d/tunables
/etc/apparmor.d/usr.sbin.ntpd
/etc/apparmor.d/usr.sbin.unbound
/etc/apparmor.d/local/usr.sbin.ntpd
/etc/apparmor.d/local/usr.sbin.unbound
/etc/apparmor.d/tunables/ntpd

This is what I have in another one of my VMs:

groucho@chimaera:~$ uname -a
Linux chimaera 5.10.0-9-amd64 #1 SMP Debian 5.10.70-1 (2021-09-30) x86_64 GNU/Linux
groucho@chimaera:~$ 
root@chimaera:~# apt list | grep installed | grep -i apparmor
--- snip ---
libapparmor1/stable,now 2.13.6-10 amd64 [installed,automatic]
root@chimaera:~# 
root@chimaera:~# locate apparmor
/etc/apparmor
/etc/apparmor.d
/etc/apparmor/parser.conf
/etc/apparmor.d/abstractions
/etc/apparmor.d/local
/etc/apparmor.d/lsb_release
/etc/apparmor.d/nvidia_modprobe
/etc/apparmor.d/tunables
/etc/apparmor.d/usr.bin.man
/etc/apparmor.d/abstractions/X
/etc/apparmor.d/abstractions/apache2-common
/etc/apparmor.d/abstractions/apparmor_api
/etc/apparmor.d/abstractions/aspell
/etc/apparmor.d/abstractions/audio
/etc/apparmor.d/abstractions/authentication
/etc/apparmor.d/abstractions/base
/etc/apparmor.d/abstractions/bash
/etc/apparmor.d/abstractions/consoles
/etc/apparmor.d/abstractions/cups-client
/etc/apparmor.d/abstractions/dbus
/etc/apparmor.d/abstractions/dbus-accessibility
/etc/apparmor.d/abstractions/dbus-accessibility-strict
/etc/apparmor.d/abstractions/dbus-network-manager-strict
/etc/apparmor.d/abstractions/dbus-session
/etc/apparmor.d/abstractions/dbus-session-strict
/etc/apparmor.d/abstractions/dbus-strict
/etc/apparmor.d/abstractions/dconf
/etc/apparmor.d/abstractions/dovecot-common
/etc/apparmor.d/abstractions/dri-common
/etc/apparmor.d/abstractions/dri-enumerate
/etc/apparmor.d/abstractions/enchant
/etc/apparmor.d/abstractions/exo-open
/etc/apparmor.d/abstractions/fcitx
/etc/apparmor.d/abstractions/fcitx-strict
/etc/apparmor.d/abstractions/fonts
/etc/apparmor.d/abstractions/freedesktop.org
/etc/apparmor.d/abstractions/gio-open
/etc/apparmor.d/abstractions/gnome
/etc/apparmor.d/abstractions/gnupg
/etc/apparmor.d/abstractions/gvfs-open
/etc/apparmor.d/abstractions/hosts_access
/etc/apparmor.d/abstractions/ibus
/etc/apparmor.d/abstractions/kde
/etc/apparmor.d/abstractions/kde-globals-write
/etc/apparmor.d/abstractions/kde-icon-cache-write
/etc/apparmor.d/abstractions/kde-language-write
/etc/apparmor.d/abstractions/kde-open5
/etc/apparmor.d/abstractions/kerberosclient
/etc/apparmor.d/abstractions/ldapclient
/etc/apparmor.d/abstractions/libpam-systemd
/etc/apparmor.d/abstractions/likewise
/etc/apparmor.d/abstractions/mdns
/etc/apparmor.d/abstractions/mesa
/etc/apparmor.d/abstractions/mir
/etc/apparmor.d/abstractions/mozc
/etc/apparmor.d/abstractions/mysql
/etc/apparmor.d/abstractions/nameservice
/etc/apparmor.d/abstractions/nis
/etc/apparmor.d/abstractions/nvidia
/etc/apparmor.d/abstractions/opencl
/etc/apparmor.d/abstractions/opencl-common
/etc/apparmor.d/abstractions/opencl-intel
/etc/apparmor.d/abstractions/opencl-mesa
/etc/apparmor.d/abstractions/opencl-nvidia
/etc/apparmor.d/abstractions/opencl-pocl
/etc/apparmor.d/abstractions/openssl
/etc/apparmor.d/abstractions/orbit2
/etc/apparmor.d/abstractions/p11-kit
/etc/apparmor.d/abstractions/perl
/etc/apparmor.d/abstractions/php
/etc/apparmor.d/abstractions/php5
/etc/apparmor.d/abstractions/postfix-common
/etc/apparmor.d/abstractions/private-files
/etc/apparmor.d/abstractions/private-files-strict
/etc/apparmor.d/abstractions/python
/etc/apparmor.d/abstractions/qt5
/etc/apparmor.d/abstractions/qt5-compose-cache-write
/etc/apparmor.d/abstractions/qt5-settings-write
/etc/apparmor.d/abstractions/recent-documents-write
/etc/apparmor.d/abstractions/ruby
/etc/apparmor.d/abstractions/samba
/etc/apparmor.d/abstractions/smbpass
/etc/apparmor.d/abstractions/ssl_certs
/etc/apparmor.d/abstractions/ssl_keys
/etc/apparmor.d/abstractions/svn-repositories
/etc/apparmor.d/abstractions/ubuntu-bittorrent-clients
/etc/apparmor.d/abstractions/ubuntu-browsers
/etc/apparmor.d/abstractions/ubuntu-browsers.d
/etc/apparmor.d/abstractions/ubuntu-console-browsers
/etc/apparmor.d/abstractions/ubuntu-console-email
/etc/apparmor.d/abstractions/ubuntu-email
/etc/apparmor.d/abstractions/ubuntu-feed-readers
/etc/apparmor.d/abstractions/ubuntu-gnome-terminal
/etc/apparmor.d/abstractions/ubuntu-helpers
/etc/apparmor.d/abstractions/ubuntu-konsole
/etc/apparmor.d/abstractions/ubuntu-media-players
/etc/apparmor.d/abstractions/ubuntu-unity7-base
/etc/apparmor.d/abstractions/ubuntu-unity7-launcher
/etc/apparmor.d/abstractions/ubuntu-unity7-messaging
/etc/apparmor.d/abstractions/ubuntu-xterm
/etc/apparmor.d/abstractions/user-download
/etc/apparmor.d/abstractions/user-mail
/etc/apparmor.d/abstractions/user-manpages
/etc/apparmor.d/abstractions/user-tmp
/etc/apparmor.d/abstractions/user-write
/etc/apparmor.d/abstractions/video
/etc/apparmor.d/abstractions/vulkan
/etc/apparmor.d/abstractions/wayland
/etc/apparmor.d/abstractions/web-data
/etc/apparmor.d/abstractions/winbind
/etc/apparmor.d/abstractions/wutmp
/etc/apparmor.d/abstractions/xad
/etc/apparmor.d/abstractions/xdg-desktop
/etc/apparmor.d/abstractions/xdg-open
/etc/apparmor.d/abstractions/apparmor_api/change_profile
/etc/apparmor.d/abstractions/apparmor_api/examine
/etc/apparmor.d/abstractions/apparmor_api/find_mountpoint
/etc/apparmor.d/abstractions/apparmor_api/introspect
/etc/apparmor.d/abstractions/apparmor_api/is_enabled
/etc/apparmor.d/abstractions/ubuntu-browsers.d/java
/etc/apparmor.d/abstractions/ubuntu-browsers.d/kde
/etc/apparmor.d/abstractions/ubuntu-browsers.d/mailto
/etc/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
/etc/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
/etc/apparmor.d/abstractions/ubuntu-browsers.d/productivity
/etc/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
/etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files
/etc/apparmor.d/local/README
/etc/apparmor.d/local/lsb_release
/etc/apparmor.d/local/nvidia_modprobe
/etc/apparmor.d/local/usr.bin.man
/etc/apparmor.d/tunables/alias
/etc/apparmor.d/tunables/apparmorfs
/etc/apparmor.d/tunables/dovecot
/etc/apparmor.d/tunables/global
/etc/apparmor.d/tunables/home
/etc/apparmor.d/tunables/home.d
/etc/apparmor.d/tunables/kernelvars
/etc/apparmor.d/tunables/multiarch
/etc/apparmor.d/tunables/multiarch.d
/etc/apparmor.d/tunables/proc
/etc/apparmor.d/tunables/run
/etc/apparmor.d/tunables/securityfs
/etc/apparmor.d/tunables/share
/etc/apparmor.d/tunables/sys
/etc/apparmor.d/tunables/xdg-user-dirs
/etc/apparmor.d/tunables/xdg-user-dirs.d
/etc/apparmor.d/tunables/home.d/site.local
/etc/apparmor.d/tunables/home.d/ubuntu
/etc/apparmor.d/tunables/multiarch.d/site.local
/etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
/etc/init.d/apparmor
/etc/rcS.d/K88apparmor
/etc/systemd/system/apparmor.service
/etc/systemd/system/sysinit.target.wants/apparmor.service
/usr/lib/x86_64-linux-gnu/libapparmor.so.1
/usr/lib/x86_64-linux-gnu/libapparmor.so.1.6.3
/usr/share/doc/libapparmor1
/usr/share/doc/libapparmor1/changelog.Debian.gz
/usr/share/doc/libapparmor1/copyright
/usr/src/linux-headers-5.10.0-9-amd64/include/config/default/security/apparmor.h
/usr/src/linux-headers-5.10.0-9-amd64/include/config/security/apparmor
/usr/src/linux-headers-5.10.0-9-amd64/include/config/security/apparmor.h
/usr/src/linux-headers-5.10.0-9-amd64/include/config/security/apparmor/hash
/usr/src/linux-headers-5.10.0-9-amd64/include/config/security/apparmor/hash.h
/usr/src/linux-headers-5.10.0-9-amd64/include/config/security/apparmor/hash/default.h
/var/cache/apparmor
/var/cache/apparmor/c08a2770.0
/var/cache/apparmor/c08a2770.0/.features
/var/cache/apparmor/c08a2770.0/lsb_release
/var/cache/apparmor/c08a2770.0/nvidia_modprobe
/var/cache/apparmor/c08a2770.0/usr.bin.man
/var/lib/dpkg/info/apparmor.list
/var/lib/dpkg/info/apparmor.postrm
/var/lib/dpkg/info/libapparmor1:amd64.list
/var/lib/dpkg/info/libapparmor1:amd64.md5sums
/var/lib/dpkg/info/libapparmor1:amd64.shlibs
/var/lib/dpkg/info/libapparmor1:amd64.symbols
/var/lib/dpkg/info/libapparmor1:amd64.triggers
/var/lib/systemd/deb-systemd-helper-enabled/apparmor.service.dsh-also
/var/lib/systemd/deb-systemd-helper-enabled/sysinit.target.wants/apparmor.service
/var/lib/systemd/deb-systemd-helper-masked/apparmor.service
root@chimaera:~# 

See what I am referring to?

Then there's what happens when you add apparmor=0 to the kernel command line.
Only the ascii VM reports it as being disabled:

groucho@dev-pihole:~$ sudo dmesg | grep AppArmor
[    0.286356] AppArmor: AppArmor disabled by boot time parameter
groucho@dev-pihole:~$ 

The chimaera VM does not:

root@chimaera:~# dmesg | grep AppArmor
root@chimaera:~# 

Nor does the ascii installation with the backported kernel:

groucho@devuan:~$ sudo dmesg | grep AppArmor
groucho@devuan:~$ 

I fail to see what an apparmor library has to do with dbus.
Or why the chimaera file system has acquired all these apparmor related files if it is not installed or has been purged.

Anyone know or have comments about this?

Thanks in advance.

Best,

A.

Last edited by Altoid (2021-12-28 13:08:16)

Offline

#8 2021-12-28 13:14:26

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,326  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Altoid wrote:

Why is there a dbus dependency on libapparmor1?

Because the dbus package has been built with AppArmor support enabled for architectures that support it:

https://salsa.debian.org/utopia-team/db … re.ac#L200

The AppArmor libraries won't ever be used if AppArmor is disabled so you should be able to remove them manually without breaking your system if you're that bothered by them.



Offline

#9 2021-12-28 15:02:46

Altoid
Member
Registered: 2017-05-07
Posts: 1,045  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Hello:

Head_on_a_Stick wrote:

Because the dbus package has been built with AppArmor support ...

I see.

Head_on_a_Stick wrote:

... AppArmor libraries won't ever be used if AppArmor is disabled ...
... should be able to remove them manually ...

Sure.
I know well enough not to muck with stuff in /etc so I will let that be for the moment.

But it isn't so much that I'm bothered by them.
I'm bothered by the fact that they are quite obviously* apparmor files and not dbus files.
* /etc/apparmor/*, /etc/apparmor.d/*, /etc/apparmor/init/*

In my "non-expert/developer/programmer" opinion, they should not be there unless apparmor is actually installed and enabled.
ie: What do I need them there for? They got there because apparmor is installed and enabled by default.

How come they are not removed/purged when apparmor is removed?

apparmor and tomoyo should not be foisted onto your installation unless you actually want to install them.

I have the idea that something is not right here.
For whatever reason it reminds me of how MS wove IE into Windows 95 so as to make it almost inoperable if it was pulled out*.
* to be able to choose an alternate browser. 

Eventually MS were found out and exposed, but by then the damage was already done.

Thanks for your input.

Best,

A.

Last edited by Altoid (2021-12-28 20:10:01)

Offline

#10 2021-12-28 16:53:26

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,326  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Altoid wrote:

I'm bothered by the fact that they are quite obviously* apparmor files and not dbus files.
* /etc/apparmor/*, /etc/apparmor.d/*, /etc/apparmor/init/*

See https://wiki.debian.org/WhereIsIt#A.22I … g_to.3F.22 to find out which package(s) own(s) those files.

Altoid wrote:

they should not be there unless apparmor is actually installed and enabled.
ie: What do I need them there for?

Debian make several separate packages so that you can uninstall the main apparmor package without breaking the dependency chain for packages that make use of those files if AppArmor is enabled. Arch lump everything together in their apparmor package so in that distribution you *must* have the AppArmor user space utilities installed to satisfy the dependencies of any packages that are compiled with support. This is not the case in Debian, which seems like an improvement to me.

It is important to note here that the AppArmor functionality is actually provided by the kernel itself so if you really want to be rid of it you'll have to roll your own kernel with CONFIG_SECURITY_APPARMOR disabled. The apparmor package only provides the user space utilities to control the kernel space functionality.

Reference: https://www.kernel.org/doc/html/v5.10/a … armor.html

Last edited by Head_on_a_Stick (2021-12-28 17:08:51)



Offline
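
Added example, not part of the thread and not written by any of the posters: a shell check that compares what the kernel command line asks for (the security= and apparmor= parameters discussed above) with what the running kernel reports in /sys/module/apparmor/parameters/enabled. The function names and the constructed sample command line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the boot parameters with the kernel's own report.
# Only security= and apparmor= are interpreted; the newer lsm= parameter
# is not handled here.

# Print the last value given for KEY= in a kernel command line file.
#   $1 = command line file (normally /proc/cmdline), $2 = KEY
cmdline_param() {
    [ -r "$1" ] || return 0
    tr ' ' '\n' < "$1" | sed -n "s/^$2=//p" | tail -n 1
}

# Succeed (exit status 0) when the command line asks for AppArmor to be off.
requested_off() {
    [ "$(cmdline_param "$1" apparmor)" = "0" ] && return 0
    sec=$(cmdline_param "$1" security)
    [ -n "$sec" ] && [ "$sec" != "apparmor" ] && return 0
    return 1
}

# Print one of: absent, enabled, disabled, mismatch.
#   $1 = command line file, $2 = AppArmor "enabled" module parameter file
apparmor_verdict() {
    if [ ! -r "$2" ]; then
        echo absent      # kernel built without AppArmor, or sysfs unavailable
        return 0
    fi
    case "$(cat "$2" 2>/dev/null)" in
        Y*)
            # Kernel says AppArmor is on; flag it if the boot parameters
            # asked for the opposite (the parameter never reached the kernel
            # or was not honoured).
            if requested_off "$1"; then echo mismatch; else echo enabled; fi
            ;;
        *)
            echo disabled
            ;;
    esac
}

# Constructed sample: security=none on the command line while the kernel
# still reports AppArmor as enabled.
demo=$(mktemp -d)
printf 'root=/dev/sda1 ro quiet security=none\n' > "$demo/cmdline"
printf 'Y\n' > "$demo/enabled"
apparmor_verdict "$demo/cmdline" "$demo/enabled"
rm -rf "$demo"

# Live check on the running system.
apparmor_verdict /proc/cmdline /sys/module/apparmor/parameters/enabled
```

A "mismatch" result is the cue to look at /proc/cmdline itself and confirm the parameter is really present on the booted kernel, rather than relying on dmesg lines alone.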

#11 2021-12-28 19:01:31

Altoid
Member
Registered: 2017-05-07
Posts: 1,045  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Hello:

Head_on_a_Stick wrote:

See ...
... which package(s) own(s) those files.

Thanks for the link.
Quite useful.

Head_on_a_Stick wrote:

Debian make several separate packages ...
Arch lump everything together in their apparmor package ...
... *must* have the AppArmor user space utilities installed ...
... not the case in Debian, which seems like an improvement to me.

I'm not in a situation to argue for or against.

But to me it seems like an unwarranted excess on behalf of the Debian crew.

Just like having apparmor installed and enabled by default.
Or ignoring the fact that it is disabled in the kernel command line to reinstall and enable it again when upgrading the kernel.
But Poettering seems to be in charge, so I'm not at all surprised.

My point is that if you want to install apparmor, then do it installing all the needed dependencies/utilities with it.
No need to fill up the system with files I won't be using.

It's like going to the cinema with a bathing trunk under my trousers.
Just in case I decide to go for a swim at the beach.
The nearest one being 400 km. away.

Head_on_a_Stick wrote:

... the AppArmor functionality is actually provided by the kernel itself ...

I'm quite aware of that.

Thank you very much for taking the time to explain this. 8^ )

Best,

A.

Last edited by Altoid (2021-12-28 19:02:55)

Offline

#12 2021-12-28 19:08:18

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,326  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Altoid wrote:

But Poettering seems to be in charge

Don't be silly. Massive, faceless, psychopathic corporate entities took control of the kernel quite some time ago.

https://linuxfoundation.org/our-members … erpower-2/



Offline

#13 2021-12-28 22:59:01

Altoid
Member
Registered: 2017-05-07
Posts: 1,045  

Re: [SOLVED] Devuan Beowulf: can't get rid of AppArmor

Hello:

Head_on_a_Stick wrote:
Altoid wrote:

But Poettering seems to be in charge

Don't be silly.

Tsk, tsk ...
No name calling ... 8^D !!!   

Altoid wrote:

But Poettering massive, faceless, psychopathic corporate entities seem to be in charge.

Better?
So, if not Potty, then it is the MFPCEs but the issue (for me) stands.

ie:
You don't go to the cinema with a bathing trunk under your trousers, just in case you decide to go for a swim at the beach, 400 km. away.

Whoever decided this apparmor setup is a dick should seriously reconsider.

Thanks for taking the time to explain all this and for the humour.

Best,

A.

Last edited by Altoid (2021-12-30 12:32:04)

Offline
