Apparmor Installation Problems

wrenb · 2026-06-09 18:19:29

I'm trying to install apparmor on my system, I read the wiki and followed the steps exactly and when I check if it's enabled it says "No - disabled at boot."
The only thing I can think of that could be causing the problem is that I couldn't find apparmor-utils in the repos so I skipped that step.
I've been trying for a few days to figure this out, I've read the wiki, forums, external guides and I keep having the same problem.

Lone_Wolf · 2026-06-10 11:50:12

apparmor-utils is not mentioned on https://wiki.archlinux.org/title/AppArmor and also not a package in repos or AUR .

Debian and ubuntu do have an apparmor-utils package but they tend to split things into multiple pacakges where archlinux just has one package.

Please post the output of aa-status .
Run (as root/with root rights))

# journalctl -b > journal_wrenb.txt
# curl --upload-file 'journal_wrenb.txt' 'https://paste.c-net.org/'

The last command will output a link, post that link.

Welcome to archlinux forums

killertofus · 2026-06-10 20:31:51

sudo journalctl -b | curl -s -H "Accept: application/json, */*" --upload-file - 'https://paste.c-net.org/'

1 liner

Last edited by killertofus (2026-06-10 21:13:02)

wrenb · 2026-06-11 02:09:20

Lone_Wolf wrote:

apparmor-utils is not mentioned on https://wiki.archlinux.org/title/AppArmor and also not a package in repos or AUR .
Debian and ubuntu do have an apparmor-utils package but they tend to split things into multiple pacakges where archlinux just has one package.
Please post the output of aa-status .
Run (as root/with root rights))
# journalctl -b > journal_wrenb.txt
# curl --upload-file 'journal_wrenb.txt' 'https://paste.c-net.org/'
The last command will output a link, post that link.
Welcome to archlinux forums

aa-status:

apparmor module is loaded.
apparmor filesystem is not mounted.

jounalctl output: https://paste.c-net.org/DecodeAdieu

Lone_Wolf · 2026-06-11 09:20:39

Jun 10 20:05:05 arch systemd[1]: Load AppArmor profiles skipped, unmet condition check ConditionSecurity=apparmor

Please post the output of

$ systemctl status apparmor.service

also add the lsm kernel parameter to your boot command line , see https://wiki.archlinux.org/title/AppArmor#Installation .

wrenb · 2026-06-11 20:23:52

Lone_Wolf wrote:

Jun 10 20:05:05 arch systemd[1]: Load AppArmor profiles skipped, unmet condition check ConditionSecurity=apparmor
Please post the output of
$ systemctl status apparmor.service
also add the lsm kernel parameter to your boot command line , see https://wiki.archlinux.org/title/AppArmor#Installation .

I did add the lsm parameter. maybe I was doing it wrong though?
I edited /etc/default/grub and added the kernel parameters to GRUB_CMDLINE_LINUX_DEFAULT
I then ran

# grub-mkconfig -o /boot/grub/grub.cfg

sysctl status:

○ apparmor.service - Load AppArmor profiles
     Loaded: loaded (/us
r/lib/systemd/system/apparmor.service; enabled; preset: 
disabled)
     Active: inactive (dead)
  Condition: start condition unmet at Thu 2026-06-11 13:25:24 M
DT; 52min ago
             └─ ConditionSecurity=apparmor was not met
       Docs: man:apparmor(7)
             https://gitlab
.com/apparmor/apparmor/wikis/home/

Last edited by wrenb (2026-06-11 20:25:04)

Lone_Wolf · Yesterday 09:52:40

So still same error message.

Let's check the basics

$ cat /proc/cmdline
$ zgrep CONFIG_SECURITY_APPARMOR= /proc/config.gz
$ zgrep CONFIG_AUDIT= /proc/config.gz
$ zgrep CONFIG_LSM= /proc/config.gz

Also try running /lib/apparmor/apparmor.systemd reload from a root terminal* and copy the output.

* sudo rights may not be enough to run this, use su - if you want do this in a graphical terminal .

wrenb · Yesterday 19:32:41

Lone_Wolf wrote:

So still same error message.
Let's check the basics
$ cat /proc/cmdline
$ zgrep CONFIG_SECURITY_APPARMOR= /proc/config.gz
$ zgrep CONFIG_AUDIT= /proc/config.gz
$ zgrep CONFIG_LSM= /proc/config.gz
Also try running /lib/apparmor/apparmor.systemd reload from a root terminal* and copy the output.

I couldn't run /lib/apparmor/apparmor.systemd reload with sudo or su in both a graphical terminal and a tty

cmdline:

cryptdevice=UUID=f4fa744d-e2a2-49d2-8fd2-f50d0b138563:cryptlvm root=/dev/ArchinstallVg/root zswap.enabled=0 rootflags=subvol=@ rw rootfstype=btrfs

zgreps:

CONFIG_SECURITY_APPARMOR=y
CONFIG_AUDIT=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"

that last one seems weird because in my grub config I have

lsm=landlock,lockdown,yama,integrity,apparmor,bpf

Lone_Wolf · Yesterday 20:33:54

The zgreps use information from the running kernel and are the same as on my system with linux kernel from repos.
The output of /proc/cmdline doesn't show the lsm= addition, so there may be something wrong with the usage of /etc/default/grub .

According to https://wiki.archlinux.org/title/Kernel_parameters#GRUB you can use e on the grub menu to manually change the commandline, try adding the lsm= stuff there.

Arch Linux

#1 2026-06-09 18:19:29

Apparmor Installation Problems

#2 2026-06-10 11:50:12

Re: Apparmor Installation Problems

#3 2026-06-10 20:31:51

Re: Apparmor Installation Problems

#4 2026-06-11 02:09:20

Re: Apparmor Installation Problems

#5 2026-06-11 09:20:39

Re: Apparmor Installation Problems

#6 2026-06-11 20:23:52

Re: Apparmor Installation Problems

#7 Yesterday 09:52:40

Re: Apparmor Installation Problems

#8 Yesterday 19:32:41

Re: Apparmor Installation Problems

#9 Yesterday 20:33:54

Re: Apparmor Installation Problems

Board footer