The officially official Devuan Forum!

You are not logged in.

#26 2022-11-02 21:53:54

ralph.ronnquist
Administrator
From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 1,107  

Re: How disable apparmor?

I have "security=none" and

stuga% cat /sys/kernel/security/lsm ; echo
lockdown,capability,yama

i.e., "yama" belongs to the unavoidable default collection of Linux Security Modules
https://kernsec.org/wiki/index.php/Projects

Online

#27 2022-11-02 23:55:29

andyp67
Member
Registered: 2022-10-30
Posts: 228  

Re: How disable apparmor?

purge uninstall it
dpkg -P apparmor
I go no complaints at all whatsoever.
And copied the apparmor deb off the install media to my /root, so I got it at hand.
I today installed Chimaera minimal and kept apparmor on it and did a refractasnapshot-base live and put xserver-xorg-core on that.
I may have installed libapparmor1 for something, been busy.
Try it.

Offline

#28 2022-11-03 00:18:55

andyp67
Member
Registered: 2022-10-30
Posts: 228  

Re: How disable apparmor?

One more thing,
I don't have apparmor on my box and it ain't broke at all whatsoever.
I also dpkg --force-all -P elogind libelogind0 libpam-elogind libpolkit-agent-1-0 libpolkit-gobject-1-0 libpolkit-gobject-elogind-1-0 policykit-1 policykit-1-gnome
and then I apt-get download or dpkg -i libsystemd0
and it ain't broke at all whatsoever.
Did it today, Chimaera clean install, updates, security & updates & main, & kernel.
Previously I have played around with a live that I have made with refractasnapshot-base.
So I made a minimal console live, then on that live I put xserver-xorg-core etc which pulls in elogind etc. which I have purged and put libsystemd0 and checked apt-get and no problems at all.
I then put full-fat browser on which pulled in elogind again and I purged it again and browser quite fine.
I'm not saying what I do is correct but if supremely strict apt-get doesn't reply with a headache that's good.
Thank you.
I think apparmor and elogind are in the same barrel.

Offline

#29 2022-11-03 00:50:11

andyp67
Member
Registered: 2022-10-30
Posts: 228  

Re: How disable apparmor?

I think this is the defacto or only way to do this;
I just done the above and could not startx from user, I forgot,
install xserver-xorg-legacy (provides suid root wrapper;)
then edit
/etc/X11/Xwrapper.config
allowed_users=anybody
needs_root_rights=yes

Offline

#30 2022-11-03 01:01:14

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: How disable apparmor?

I think elogind is better than running X under root.

Doesn't seatd work in chimeara? I can get a Wayland session under Alpine with just that running. EDIT: with sway anyway.

Last edited by Head_on_a_Stick (2022-11-03 01:01:48)


Brianna Ghey — Rest In Power

Offline

#31 2022-11-03 02:33:31

andyp67
Member
Registered: 2022-10-30
Posts: 228  

Re: How disable apparmor?

Xwrapper.config running X as user

Offline

#32 2022-11-03 05:58:36

GlennW
Member
From: Brisbane, Australia
Registered: 2019-07-18
Posts: 582  

Re: How disable apparmor?

So if i use security=none it should only be for SELinux, Smack, Tomoyo, and AppArmor ?

I think they are all kernel "security" modules. That way you can leave out the apparmor=on/off command from the boot line.

I don't know if there are any others.


pic from 1993, new guitar day.

Offline

#33 2023-03-10 20:08:49

humpty
Member
Registered: 2023-03-10
Posts: 2  

Re: How disable apparmor?

Altoid wrote:

..
But then you upgrade the kernel and there it is again.
..What I always do is purge apparmor after the upgrade..
A.

What about holding the package;  sudo apt-mark hold apparmor

or even pinning it ?

Would the upgrade still go through ?

Offline

#34 2023-03-10 20:53:02

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Re: How disable apparmor?

Hello:

humpty wrote:
Altoid wrote:

..
But then you upgrade the kernel and there it is again.
What I always do is purge apparmor after the upgrade..
A.

What about holding the package;  sudo apt-mark hold apparmor
or even pinning it ?

Would the upgrade still go through ?

Hmm ...
No idea.
Have not tried it but I don't see (?) why it shouldn't.

Yes, I guess I could pin it.
ie: the same way I do with pulseaudio and see what happens on the next upgrade.

Bear in mind that there are other apparmor related libraries which are/may be needed by other packages.

eg: libapparmor1

~$ aptitude why libapparmor1
i   stress-ng Depends libapparmor1 (>= 2.10)
~$ 

Edit:

It seems that there's more than stress-ng involved with libapparmor1.

~$ aptitude why libapparmor1
i   slim Depends dbus                    
i A dbus Depends libapparmor1 (>= 2.8.94)
~$

---> Very strange all this did not show up on my previous query to aptitude. <---

I have not used stress-ng in years, so I might as well get rid of it. and solve the issue.

We'll see how the pinning goes.

Best,

A.

Last edited by Altoid (2023-03-10 21:59:13)

Offline

#35 2023-03-11 18:00:01

humpty
Member
Registered: 2023-03-10
Posts: 2  

Re: How disable apparmor?

Altoid wrote:

---> Very strange all this did not show up on my previous query to aptitude. <---
A.

Yeh, I noticed that too, aptitude 'why' seems to only show the first one it finds.
This one is more useful;

apt-cache --installed rdepends dbus

and since a boat load of stuff depends on that list,
aptitude purge libapparmor1 (n) (don't press enter)
suggests about 100 others to remove.

Offline

Board footer