Arch Linux

wrenb

Member

Registered: 2026-06-09

Posts: 5

Apparmor Installation Problems

I'm trying to install apparmor on my system, I read the wiki and followed the steps exactly and when I check if it's enabled it says "No - disabled at boot."
The only thing I can think of that could be causing the problem is that I couldn't find apparmor-utils in the repos so I skipped that step.
I've been trying for a few days to figure this out, I've read the wiki, forums, external guides and I keep having the same problem.

Lone_Wolf

Administrator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 15,089

Re: Apparmor Installation Problems

apparmor-utils is not mentioned on https://wiki.archlinux.org/title/AppArmor and also not a package in repos or AUR .

Debian and ubuntu do have an apparmor-utils package but they tend to split things into multiple pacakges where archlinux just has one package.

Please post the output of aa-status .
Run (as root/with root rights))

# journalctl -b > journal_wrenb.txt
# curl --upload-file 'journal_wrenb.txt' 'https://paste.c-net.org/'

The last command will output a link, post that link.

Welcome to archlinux forums

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

killertofus

Member

Registered: 2025-02-10

Posts: 186

Re: Apparmor Installation Problems

sudo journalctl -b | curl -s -H "Accept: application/json, */*" --upload-file - 'https://paste.c-net.org/' 

1 liner

Last edited by killertofus (2026-06-10 21:13:02)

---

I Have Linux Perl Can i Download Gnome???

wrenb

Member

Registered: 2026-06-09

Posts: 5

Re: Apparmor Installation Problems

apparmor-utils is not mentioned on https://wiki.archlinux.org/title/AppArmor and also not a package in repos or AUR .

Debian and ubuntu do have an apparmor-utils package but they tend to split things into multiple pacakges where archlinux just has one package.

Please post the output of aa-status .
Run (as root/with root rights))

# journalctl -b > journal_wrenb.txt
# curl --upload-file 'journal_wrenb.txt' 'https://paste.c-net.org/'

The last command will output a link, post that link.

Welcome to archlinux forums

aa-status:

apparmor module is loaded.
apparmor filesystem is not mounted.

jounalctl output: https://paste.c-net.org/DecodeAdieu

Lone_Wolf

Administrator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 15,089

Re: Apparmor Installation Problems

Jun 10 20:05:05 arch systemd[1]: Load AppArmor profiles skipped, unmet condition check ConditionSecurity=apparmor

Please post the output of

$ systemctl status apparmor.service

also add the lsm kernel parameter to your boot command line , see https://wiki.archlinux.org/title/AppArmor#Installation .

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

wrenb

Member

Registered: 2026-06-09

Posts: 5

Re: Apparmor Installation Problems

Jun 10 20:05:05 arch systemd[1]: Load AppArmor profiles skipped, unmet condition check ConditionSecurity=apparmor

Please post the output of

$ systemctl status apparmor.service

also add the lsm kernel parameter to your boot command line , see https://wiki.archlinux.org/title/AppArmor#Installation .

I did add the lsm parameter. maybe I was doing it wrong though?
I edited /etc/default/grub and added the kernel parameters to GRUB_CMDLINE_LINUX_DEFAULT
I then ran

# grub-mkconfig -o /boot/grub/grub.cfg

sysctl status:

○ apparmor.service - Load AppArmor profiles
     Loaded: loaded (/us
r/lib/systemd/system/apparmor.service; enabled; preset: 
disabled)
     Active: inactive (dead)
  Condition: start condition unmet at Thu 2026-06-11 13:25:24 M
DT; 52min ago
             └─ ConditionSecurity=apparmor was not met
       Docs: man:apparmor(7)
             https://gitlab
.com/apparmor/apparmor/wikis/home/

Last edited by wrenb (2026-06-11 20:25:04)

Lone_Wolf

Administrator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 15,089

Re: Apparmor Installation Problems

So still same error message.

Let's check the basics

$ cat /proc/cmdline
$ zgrep CONFIG_SECURITY_APPARMOR= /proc/config.gz
$ zgrep CONFIG_AUDIT= /proc/config.gz
$ zgrep CONFIG_LSM= /proc/config.gz

Also try running /lib/apparmor/apparmor.systemd reload from a root terminal* and copy the output.

* sudo rights may not be enough to run this, use su - if you want do this in a graphical terminal .

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

wrenb

Member

Registered: 2026-06-09

Posts: 5

Re: Apparmor Installation Problems

So still same error message.

Let's check the basics

$ cat /proc/cmdline
$ zgrep CONFIG_SECURITY_APPARMOR= /proc/config.gz
$ zgrep CONFIG_AUDIT= /proc/config.gz
$ zgrep CONFIG_LSM= /proc/config.gz

Also try running /lib/apparmor/apparmor.systemd reload from a root terminal* and copy the output.

I couldn't run /lib/apparmor/apparmor.systemd reload with sudo or su in both a graphical terminal and a tty

cmdline:

cryptdevice=UUID=f4fa744d-e2a2-49d2-8fd2-f50d0b138563:cryptlvm root=/dev/ArchinstallVg/root zswap.enabled=0 rootflags=subvol=@ rw rootfstype=btrfs

zgreps:

CONFIG_SECURITY_APPARMOR=y
CONFIG_AUDIT=y
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf"

that last one seems weird because in my grub config I have

lsm=landlock,lockdown,yama,integrity,apparmor,bpf

Lone_Wolf

Administrator

From: Netherlands, Europe

Registered: 2005-10-04

Posts: 15,089

Re: Apparmor Installation Problems

The zgreps use information from the running kernel and are the same as on my system with linux kernel from repos.
The output of /proc/cmdline doesn't show the lsm= addition, so there may be something wrong with the usage of /etc/default/grub .

According to https://wiki.archlinux.org/title/Kernel_parameters#GRUB you can use e on the grub menu to manually change the commandline, try adding the lsm= stuff there.

---

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

wrenb

Member

Registered: 2026-06-09

Posts: 5

Re: Apparmor Installation Problems

The zgreps use information from the running kernel and are the same as on my system with linux kernel from repos.
The output of /proc/cmdline doesn't show the lsm= addition, so there may be something wrong with the usage of /etc/default/grub .

According to https://wiki.archlinux.org/title/Kernel_parameters#GRUB you can use e on the grub menu to manually change the commandline, try adding the lsm= stuff there.

OK, that worked and aa-enabled said yes. But it doesn't seem to have persistence across reboots, is there any way to fix that? I'd rather not have to add the parameter every single time

Last edited by wrenb (2026-06-14 04:09:02)

5hridhyan

Member

Registered: 2025-12-25

Posts: 856

Website

Re: Apparmor Installation Problems

But it doesn't seem to have persistence across reboots, is there any way to fix that? I'd rather not have to add the parameter every single time

well, the wiki answers that, you have to edit /etc/default/grub and append your kernel options between the quotes in the GRUB_CMDLINE_LINUX_DEFAULT
and then automatically re generate the grub.cfg file by running

 grub-mkconfig -o /boot/grub/grub.cfg

as root

Edit:
after seeing #6 and #8, maybe there was a typo in the config? can you post the contents in that file for a sanity check?

cat /etc/default/grub

Last edited by 5hridhyan (2026-06-14 04:30:43)