[apparmor] 2.5.1 build failure on Arch

andrew thomas atswartz at gmail.com
Tue Oct 19 17:50:00 BST 2010 

  On 10/18/2010 11:49 AM, John Johansen wrote:
> On 10/15/2010 09:48 PM, andrew thomas wrote:
>> I am trying to build 2.5.1 on Arch Linux and am getting an error similar to this build:
>>
>> http://launchpadlibrarian.net/57686487/buildlog_ubuntu-natty-amd64.apparmor_2.5.1-0ubuntu1_FAILEDTOBUILD.txt.gz
>>
>> It gets through autogen, configure, and make in libapparmor.
>>
>> Then make in utils, but fails make in parser.
>>
>> Here is the tail end from
>>
>> $ cd parser&&   /usr/bin/make
>>
>> http://pastebin.ubuntu.com/514290/
>>
>> The error message does state that: Kernel needs AppArmor 2.4 compatibility patch.
>>
>> But, I believe that I applied the proper patches to the kernel.
>>
>> Any ideas?
>>
> Hey Andrew it actually built but is failing during the caching function tests.  These are run against the current kernel, and it isn't finding the AppArmor 2.4 interface.
>
> You can test for your self by looking for the file /sys/kernel/security/apparmor/profiles if it doesn't exist you don't have the AppArmor 2.4 compatibility patch on your kernel.
>
> The patch isn't actually necessary but several things will not work if it is not present.  The parser won't do compiled policy caching, the init scripts won't work, and aa-status and a few other commands won't work either.
> Basically anything that requires introspection of the load policy or supported kernel features doesn't work correctly.  Every thing else should.
>
> If you are building 2.5.1 on a buildd with a kernel that doesn't support the AppArmor 2.4 interface, then I suggest you disable the test in the Makefile with a small patch.
>
>
I did look in /sys/kernel/security and it is empty.  When I compiled the 
kernel, I applied these two patches ( http://pastebin.ubuntu.com/515768/ 
& http://pastebin.ubuntu.com/515769/  ) that originally were 
ubuntu-maverick.git-0d8f737f1c8ad8415b3d5589caf63dee3c1b3d6f.patch & 
ubuntu-maverick.git-8cb3e0f8ad669be1e2027cbafb58fa7cd1928f76.patch 
which  I  modified so they also created security/apparmor/include/net.h 
& security/apparmor/net.c and would apply cleanly. When I use this on 
natty to compile the kernel, apparmor (2.5.1~rc1) works as expected, but 
when I compile on ArchLinux, using the natty-git source, 
/sys/kernel/security is empty.  Any clues to what I am doing wrong? 
Trying to get apparmor to work on arch may be beyond my abilities, I am 
sorry if I am wasting your time.

Thanks, Andrew

More information about the AppArmor mailing list