You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is this the right place for my bug report?
Yes, according to this answer to my question on Buster bug report thread
Describe the bug
Pi4 board with Raspian Buster => apparmor module is not loaded
To reproduce
Add apparmor-utils then do sudo aa-status
Result is apparmor module is not loaded for RPi4 board
Result is apparmor module is loaded, 18 profiles are loaded ... for Rasperry Pi Desktop VM
Expected behaviour
Apparmor module should be loaded and enabled without any special action
Actual behaviour
Apparmor module is not loaded and can't be, even if modifications are made to enable the service, with or without adding apparmor=1 and security=apparmor to cmdline.txt or config.txt
sudo systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Thu 2019-08-29 18:37:31 CEST; 1min 5s ago
└─ ConditionSecurity=apparmor was not met
It looks like the modules aren't in the Linux kernel. The config has
CONFIG_EXT4_FS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_JFS_SECURITY=y
# CONFIG_F2FS_FS_SECURITY is not set
CONFIG_UBIFS_FS_SECURITY=y
# CONFIG_9P_FS_SECURITY is not set
# Security options
# CONFIG_SECURITY_DMESG_RESTRICT is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
with no mention of APPARMOR.
System
Which model of Raspberry Pi? e.g. Pi3B+, PiZeroW
Raspberry Pi 4 Model B
Which OS and version (cat /etc/rpi-issue)?
Raspberry Pi reference 2019-07-10
Generated using pi-gen, https://github.com/RPi-Distro/pi-gen, 175dfb027ffabd4b8d5080097af0e51ed9a4a56c, stage5
Which firmware version (vcgencmd version)?
Aug 15 2019 12:03:51
Copyright (c) 2012 Broadcom
version 9f8431fb7839c7f00f52b81f5822ddab2b31d0db (clean) (release) (start)
Which kernel version (uname -a)?
Linux Paris 4.19.66-v7l+ crash on 4.1.15 #1253 SMP Thu Aug 15 12:02:08 BST 2019 armv7l GNU/Linux
Logs
dmesg | grep apparmor
[ 0.000000] Kernel command line: coherent_pool=1M 8250.nr_uarts=0 cma=64M cma=256M video=HDMI-A-1:1920x1080@60 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 console=tty1 root=PARTUUID=b46da0c8-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles usbhid.mousepoll=0 apparmor=1 security=apparmor
(Adding the apparmor properties at end of line is useless)
Additional context
The problem does not exists with a VM running Raspberry Pi Desktop and full-upgrade. For Pi4 board, a full-ugrade says nothing to update.
Best regards
Pulsar33
The text was updated successfully, but these errors were encountered:
Is this the right place for my bug report?
Yes, according to this answer to my question on Buster bug report thread
Describe the bug
Pi4 board with Raspian Buster => apparmor module is not loaded
To reproduce
Add apparmor-utils then do sudo aa-status
Result is apparmor module is not loaded for RPi4 board
Result is apparmor module is loaded, 18 profiles are loaded ... for Rasperry Pi Desktop VM
Expected behaviour
Apparmor module should be loaded and enabled without any special action
Actual behaviour
Apparmor module is not loaded and can't be, even if modifications are made to enable the service, with or without adding apparmor=1 and security=apparmor to cmdline.txt or config.txt
sudo systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Thu 2019-08-29 18:37:31 CEST; 1min 5s ago
└─ ConditionSecurity=apparmor was not met
It looks like the modules aren't in the Linux kernel. The config has
CONFIG_EXT4_FS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_JFS_SECURITY=y
# CONFIG_F2FS_FS_SECURITY is not set
CONFIG_UBIFS_FS_SECURITY=y
# CONFIG_9P_FS_SECURITY is not set
# Security options
# CONFIG_SECURITY_DMESG_RESTRICT is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
with no mention of APPARMOR.
System
Which model of Raspberry Pi? e.g. Pi3B+, PiZeroW
Raspberry Pi 4 Model B
Which OS and version (
cat /etc/rpi-issue)?Raspberry Pi reference 2019-07-10
Generated using pi-gen, https://github.com/RPi-Distro/pi-gen, 175dfb027ffabd4b8d5080097af0e51ed9a4a56c, stage5
Which firmware version (
vcgencmd version)?Aug 15 2019 12:03:51
Copyright (c) 2012 Broadcom
version 9f8431fb7839c7f00f52b81f5822ddab2b31d0db (clean) (release) (start)
Which kernel version (
uname -a)?Linux Paris 4.19.66-v7l+ crash on 4.1.15 #1253 SMP Thu Aug 15 12:02:08 BST 2019 armv7l GNU/Linux
Logs
dmesg | grep apparmor
[ 0.000000] Kernel command line: coherent_pool=1M 8250.nr_uarts=0 cma=64M cma=256M video=HDMI-A-1:1920x1080@60 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 dwc_otg.lpm_enable=0 console=ttyS0,115200 console=tty1 root=PARTUUID=b46da0c8-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles usbhid.mousepoll=0 apparmor=1 security=apparmor
(Adding the apparmor properties at end of line is useless)
Additional context
The problem does not exists with a VM running Raspberry Pi Desktop and full-upgrade. For Pi4 board, a full-ugrade says nothing to update.
Best regards
Pulsar33
The text was updated successfully, but these errors were encountered: