You are not logged in.
I set up AppArmor according to:
https://wiki.archlinux.org/index.php/AppArmor
including enabling the audit framework:
https://wiki.archlinux.org/index.php/Audit_framework
Now when I run sudo apparmor_status, the output is:
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.I expected some profiles to be enabled. Additionally, the wiki provides instructions into how to create profiles. But how do I go about finding and installing AppArmor profiles for common programs created by others?
More info:
Output of dmesg | grep -i apparmor
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-linux-lts root=UUID=f3457d89-2db3-4a19-89a5-22e176fd9f2c rw loglevel=3 quiet apparmor=1 security=apparmor audit=1
[ 0.256015] Kernel command line: BOOT_IMAGE=/vmlinuz-linux-lts root=UUID=f3457d89-2db3-4a19-89a5-22e176fd9f2c rw loglevel=3 quiet apparmor=1 security=apparmor audit=1
[ 0.400538] AppArmor: AppArmor initialized
[ 0.458305] AppArmor: AppArmor Filesystem Enabled
[ 0.458307] audit: type=1400 audit(1575920704.100:4): apparmor="STATUS" info="AppArmor Filesystem Enabled" pid=1 comm="swapper/0"
[ 0.714214] AppArmor: AppArmor sha1 policy hashing enabled
[ 0.714218] audit: type=1400 audit(1575920704.359:5): apparmor="STATUS" info="AppArmor sha1 policy hashing enabled" pid=1 comm="swapper/0"
[ 3.340248] systemd[1]: systemd 244-1-arch running in system mode. (+PAM +AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)Offline
Show:
systemctl status apparmorIf it's disabled then try:
systemctl enable --now apparmorOffline