AppArmor / Selinux conflict

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

AppArmor / Selinux conflict

Antonio Carretero Barroso
Hi list, 

I uninstalled apparmor but still is initialized and the system can't enable SELinux. 

# dpkg -s apparmor 
dpkg-query: package 'apparmor' is not installed and no information is available 
Use dpkg --info (= dpkg-deb --info) to examine archive files, 
and dpkg --contents (= dpkg-deb --contents) to list their contents.  
 
kernel: [    0.004000] AppArmor: AppArmor initialized 
kernel: [    0.157081] AppArmor: AppArmor Filesystem Enabled  

 --------- 
SELinux 
# systemctl status selinux 
● selinux.service - LSB: Relabel the filesystem before reboot 
   Loaded: loaded (/etc/init.d/selinux; generated) 
   Active: active (exited) since Tue 2019-02-05 12:15:59 CET; 8min ago 
     Docs: man:systemd-sysv-generator(8) 
  Process: 1139 ExecStart=/etc/init.d/selinux start (code=exited, status=0/SUCCESS) 

# sestatus 
SELinux status:                 disabled 


Anyone knows why could be?

Thanks,

Best regards, Toni.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: AppArmor / Selinux conflict

Oliver Grawert
hi,
Am Dienstag, den 05.02.2019, 14:06 +0100 schrieb Antonio Carretero
Barroso:
> Hi list, 
>
> I uninstalled apparmor but still is initialized and the system can't
> enable SELinux. 
>
not sure what you mean by "i uninstalled..." 

apparmor (as well as selinux) is a kernel feature, you can only en-
disable it on the kernel boot cmdline, no matter if you en/disable or
remove the userspace tools:

https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/apparmor.html

apparmor as well as selinux userspace tools will detect if you have
turned on one or the other at boot inn the kernel and disable
themselves accordingly, you do not need to remove any debs ...

also note that many bits in ubuntu make use of apparmor and you might
end up with reduced security and functionality...

ciao
        oli

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: AppArmor / Selinux conflict

Antonio Carretero Barroso
yes Oliver, you're right, it was my mistake... I mean disable. 

I forgot put the apparmor=0 for the boot.

Now it's working. Thanks.


El mar., 5 feb. 2019 a las 15:18, Oliver Grawert (<[hidden email]>) escribió:
hi,
Am Dienstag, den 05.02.2019, 14:06 +0100 schrieb Antonio Carretero
Barroso:
> Hi list, 
>
> I uninstalled apparmor but still is initialized and the system can't
> enable SELinux. 
>
not sure what you mean by "i uninstalled..." 

apparmor (as well as selinux) is a kernel feature, you can only en-
disable it on the kernel boot cmdline, no matter if you en/disable or
remove the userspace tools:

https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/apparmor.html

apparmor as well as selinux userspace tools will detect if you have
turned on one or the other at boot inn the kernel and disable
themselves accordingly, you do not need to remove any debs ...

also note that many bits in ubuntu make use of apparmor and you might
end up with reduced security and functionality...

ciao
        oli
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users