#1 2024-01-29 21:49:22

Funny0facer
Member
From: Germany
Registered: 2022-12-03
Posts: 159

[SOLVED] Is "integrity" needed for AppArmor to work?

Hi, I'm trying to understand this topic better.

I am a little confused:

[me@myhost ~]$ zgrep CONFIG_LSM= /proc/config.gz
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"

I boot with GRUB using this:
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 lsm=landlock,lockdown,yama,integrity,apparmor,bpf"

But I still miss integrity here:

[me@myhost ~]$ cat /sys/kernel/security/lsm
capability,landlock,lockdown,yama,apparmor,bpf

aa-status tells me apparmor is loaded. So, is integrity actually needed, as suggested in https://wiki.archlinux.org/title/AppArmor#Installation?
And is integrity supposed to be active or did I miss something?

Thanks!

Last edited by Funny0facer (2024-01-30 20:35:00)

#2 2024-01-30 19:00:37

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,490

Re: [SOLVED] Is "integrity" needed for AppArmor to work?

No, integrity is not needed for apparmor. The wiki probably recommends the generic list of LSMs for it to be universal for different system configurations.

If your aa-status shows it loaded fine, that's it. Additionally, check that the apparmor.service loaded successfully; this can fail sometimes, but that only means some app profile did not initialize correctly (and is tricky to troubleshoot). If you start an app and it shows up as enforced in status, that's what counts.
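
The comparison made by hand in this thread, as an added example that is not part of the original posts: a POSIX shell sketch that diffs the `lsm=` boot parameter against the list the kernel reports as active. The function names are hypothetical and the sample strings are constructed from the outputs quoted in post #1.

```shell
#!/bin/sh
# Constructed sample input, copied from the outputs quoted in post #1.
SAMPLE_CMDLINE='loglevel=3 lsm=landlock,lockdown,yama,integrity,apparmor,bpf'
SAMPLE_ACTIVE='capability,landlock,lockdown,yama,apparmor,bpf'

# Print the value of the lsm= parameter in command line $1 (empty if absent).
# Assumption: if lsm= is given more than once, the last one is used.
requested_lsms() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^lsm=//p' | tail -n 1
}

# Print, comma-separated, every name in list $1 that is not in list $2.
missing_lsms() {
    out=''
    old_ifs=$IFS
    IFS=,
    for name in $1; do
        case ",$2," in
            *",$name,"*) ;;                   # present in $2
            *) out="${out:+$out,}$name" ;;    # absent from $2
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Succeed if LSM $1 appears in the active list $2.
lsm_active() {
    case ",$2," in *",$1,"*) return 0 ;; *) return 1 ;; esac
}

# Summarise requested vs. active LSMs for command line $1 and active list $2.
report() {
    req=$(requested_lsms "$1")
    echo "requested on cmdline:     ${req:-none}"
    echo "active in kernel:         $2"
    echo "requested but not active: $(missing_lsms "$req" "$2")"
    echo "active but not requested: $(missing_lsms "$2" "$req")"
    if lsm_active apparmor "$2"; then
        echo "apparmor: active"
    else
        echo "apparmor: NOT active"
    fi
}

report "$SAMPLE_CMDLINE" "$SAMPLE_ACTIVE"
# On a live system:
# report "$(cat /proc/cmdline)" "$(cat /sys/kernel/security/lsm)"
```

A line reading "apparmor: active" only says the module is initialised; whether a given program is confined is still what aa-status reports per profile.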

#3 2024-01-30 20:34:48

Funny0facer
Member
From: Germany
Registered: 2022-12-03
Posts: 159

Re: [SOLVED] Is "integrity" needed for AppArmor to work?

thanks
