The officially official Devuan Forum!

You are not logged in.

#26 2022-11-02 21:53:54

ralph.ronnquist
Administrator
From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 779  

Re: How disable apparmor?

I have "security=none" and

stuga% cat /sys/kernel/security/lsm ; echo
lockdown,capability,yama

i.e., "yama" belongs to the unavoidable default collection of Linux Security Modules
https://kernsec.org/wiki/index.php/Projects

Offline

#27 2022-11-02 23:55:29

andyp67
Member
Registered: 2022-10-30
Posts: 87  

Re: How disable apparmor?

purge uninstall it
dpkg -P apparmor
I go no complaints at all whatsoever.
And copied the apparmor deb off the install media to my /root, so I got it at hand.
I today installed Chimaera minimal and kept apparmor on it and did a refractasnapshot-base live and put xserver-xorg-core on that.
I may have installed libapparmor1 for something, been busy.
Try it.

Offline

#28 2022-11-03 00:18:55

andyp67
Member
Registered: 2022-10-30
Posts: 87  

Re: How disable apparmor?

One more thing,
I don't have apparmor on my box and it ain't broke at all whatsoever.
I also dpkg --force-all -P elogind libelogind0 libpam-elogind libpolkit-agent-1-0 libpolkit-gobject-1-0 libpolkit-gobject-elogind-1-0 policykit-1 policykit-1-gnome
and then I apt-get download or dpkg -i libsystemd0
and it ain't broke at all whatsoever.
Did it today, Chimaera clean install, updates, security & updates & main, & kernel.
Previously I have played around with a live that I have made with refractasnapshot-base.
So I made a minimal console live, then on that live I put xserver-xorg-core etc which pulls in elogind etc. which I have purged and put libsystemd0 and checked apt-get and no problems at all.
I then put full-fat browser on which pulled in elogind again and I purged it again and browser quite fine.
I'm not saying what I do is correct but if supremely strict apt-get doesn't reply with a headache that's good.
Thank you.
I think apparmor and elogind are in the same barrel.

Offline

#29 2022-11-03 00:50:11

andyp67
Member
Registered: 2022-10-30
Posts: 87  

Re: How disable apparmor?

I think this is the defacto or only way to do this;
I just done the above and could not startx from user, I forgot,
install xserver-xorg-legacy (provides suid root wrapper;)
then edit
/etc/X11/Xwrapper.config
allowed_users=anybody
needs_root_rights=yes

Offline

#30 2022-11-03 01:01:14

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,737  

Re: How disable apparmor?

I think elogind is better than running X under root.

Doesn't seatd work in chimeara? I can get a Wayland session under Alpine with just that running. EDIT: with sway anyway.

Last edited by Head_on_a_Stick (2022-11-03 01:01:48)


"Who's the idiot in charge?" — ralph.ronnquist

Offline

#31 2022-11-03 02:33:31

andyp67
Member
Registered: 2022-10-30
Posts: 87  

Re: How disable apparmor?

Xwrapper.config running X as user

Offline

#32 2022-11-03 05:58:36

GlennW
Member
Registered: 2019-07-18
Posts: 300  

Re: How disable apparmor?

So if i use security=none it should only be for SELinux, Smack, Tomoyo, and AppArmor ?

I think they are all kernel "security" modules. That way you can leave out the apparmor=on/off command from the boot line.

I don't know if there are any others.

Offline

Board footer