You are not logged in.
Pages: 1
I have followed the wiki: https://wiki.archlinux.org/title/AppArmor
I use stock Linux kernel. Have installed the apparmor package and enabled it at startup with systemctl.
Added kernel parameters first: lsm=landlock,lockdown,yama,integrity,apparmor,bpf
Then since it didn't work I also added: apparmor=1 security=apparmor since the use of that is hinted here: https://docs.kernel.org/admin-guide/LSM/apparmor.html
When I run aa-enabled it tells me "No - disabled at boot.".
$ cat /sys/kernel/security/lsm
capability,landlock,lockdown,yama,bpf
So it seems that the apparmor kernel parameter has not been set at boot. But why?
SOLUTION:
As suggested by helpful user below the kernel parameters had not been set. I use UEFI directly with efistub/efibootmgr and it seems like my UEFI is a bit faulty. Managed to get it to work with some tries.
Last edited by tobbebobbe (2024-03-04 16:37:59)
Offline
security=apparmor is deprecated and should not be used since it will mess up the lsm parameter. apparmor=1 is useless as it's enabled by default and, IIRC, the parameter was even removed.
If /sys/kernel/security/lsm doesn't show apparmor, then you didn't set the kernel parameter correctly.
Which boot loader do you use? What's the output of:
$ cat /proc/cmdline
Offline
Pages: 1