[apparmor] Debian Wheezy: Profile doesn't conform to protocol
Jeroen Ooms
jeroen.ooms at stat.ucla.edu
Tue Sep 25 21:27:57 UTC 2012
I decided to give Debian Wheezy another try and see what the status of
AppArmor is. I launched a wheezy instance on EC2, did apt-get update
&& apt-get upgrade, enabled AppArmor in the kernel. But I am still
seeing the same errors as the last time I tried a month or so ago: all
profiles seem to fail (see below). Am I doing something wrong or is
AppArmor in Debian still not working?
root at domU-12-31-39-06-3C-94:~# service apparmor restart
[....] Reloading AppArmor profiles:/sbin/apparmor_parser: Unable to
replace "/bin/ping". Profile doesn't conform to protocol
Warning failed to create cache: bin.ping
/sbin/apparmor_parser: Unable to replace "/sbin/klogd". Profile
doesn't conform to protocol
Warning failed to create cache: sbin.klogd
/sbin/apparmor_parser: Unable to replace "/sbin/syslogd". Profile
doesn't conform to protocol
Warning failed to create cache: sbin.syslogd
/sbin/apparmor_parser: Unable to replace "/sbin/syslog-ng". Profile
doesn't conform to protocol
Warning failed to create cache: sbin.syslog-ng
/sbin/apparmor_parser: Unable to replace "browser_java". Profile
doesn't conform to protocol
/sbin/apparmor_parser: Unable to replace "/usr/bin/R". Profile
doesn't conform to protocol
Warning failed to create cache: usr.bin.r
/sbin/apparmor_parser: Unable to replace "/usr/lib/dovecot/deliver".
Profile doesn't conform to protocol
Warning failed to create cache: usr.lib.dovecot.deliver
/sbin/apparmor_parser: Unable to replace
"/usr/lib/dovecot/dovecot-auth". Profile doesn't conform to protocol
Warning failed to create cache: usr.lib.dovecot.dovecot-auth
/sbin/apparmor_parser: Unable to replace "/usr/lib/dovecot/imap".
Profile doesn't conform to protocol
Warning failed to create cache: usr.lib.dovecot.imap
/sbin/apparmor_parser: Unable to replace
"/usr/lib/dovecot/imap-login". Profile doesn't conform to protocol
Warning failed to create cache: usr.lib.dovecot.imap-login
/sbin/apparmor_parser: Unable to replace
"/usr/lib/dovecot/managesieve-login". Profile doesn't conform to
protocol
Warning failed to create cache: usr.lib.dovecot.managesieve-login
/sbin/apparmor_parser: Unable to replace "/usr/lib/dovecot/pop3".
Profile doesn't conform to protocol
Warning failed to create cache: usr.lib.dovecot.pop3
/sbin/apparmor_parser: Unable to replace
"/usr/lib/dovecot/pop3-login". Profile doesn't conform to protocol
Warning failed to create cache: usr.lib.dovecot.pop3-login
/sbin/apparmor_parser: Unable to replace "/usr/sbin/avahi-daemon".
Profile doesn't conform to protocol
Warning failed to create cache: usr.sbin.avahi-daemon
/sbin/apparmor_parser: Unable to replace "/usr/sbin/dnsmasq". Profile
doesn't conform to protocol
Warning failed to create cache: usr.sbin.dnsmasq
/sbin/apparmor_parser: Unable to replace "/usr/sbin/dovecot". Profile
doesn't conform to protocol
Warning failed to create cache: usr.sbin.dovecot
/sbin/apparmor_parser: Unable to replace "/usr/sbin/identd". Profile
doesn't conform to protocol
Warning failed to create cache: usr.sbin.identd
/sbin/apparmor_parser: Unable to replace "/usr/sbin/mdnsd". Profile
doesn't conform to protocol
Warning failed to create cache: usr.sbin.mdnsd
/sbin/apparmor_parser: Unable to replace "/usr/sbin/nmbd". Profile
doesn't conform to protocol
Warning failed to create cache: usr.sbin.nmbd
/sbin/apparmor_parser: Unable to replace "/usr/sbin/nscd". Profile
doesn't conform to protocol
Warning failed to create cache: usr.sbin.nscd
/sbin/apparmor_parser: Unable to replace "/usr/sbin/smbd". Profile
doesn't conform to protocol
Warning failed to create cache: usr.sbin.smbd
/sbin/apparmor_parser: Unable to replace
"/usr/{sbin/traceroute,bin/traceroute.db}". Profile doesn't conform
to protocol
Warning failed to create cache: usr.sbin.traceroute
root at domU-12-31-39-06-3C-94:~# aa-status
AppArmor available in kernel.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
root at domU-12-31-39-06-3C-94:/dev# uname -a
Linux domU-12-31-39-06-3C-94 3.2.0-2-amd64 #1 SMP Fri Jun 1 17:49:08
UTC 2012 x86_64 GNU/Linux
root at domU-12-31-39-06-3C-94:/dev# apt-cache show apparmor
Package: apparmor
Version: 2.7.103-4
Installed-Size: 1092
Maintainer: Kees Cook <kees at debian.org>
Architecture: amd64
Replaces: apparmor-parser, apparmor-utils (<< 2.6.1-4ubuntu1),
libapache2-mod-apparmor (<< 2.5.1-0ubuntu3)
Depends: libc6 (>= 2.4), debconf (>= 0.5) | debconf-2.0, python,
lsb-base, initramfs-tools, debconf
Pre-Depends: dpkg (>= 1.15.7.2)
Suggests: apparmor-profiles, apparmor-docs, apparmor-utils
Breaks: apparmor-utils (<< 2.6.1-4ubuntu1), libapache2-mod-apparmor
(<< 2.5.1-0ubuntu3)
Description-en: User-space parser utility for AppArmor
This provides the system initialization scripts needed to use the
AppArmor Mandatory Access Control system, including the AppArmor Parser
which is required to convert AppArmor text profiles into machine-readable
policies that are loaded into the kernel for use with the AppArmor Linux
Security Module.
Homepage: http://apparmor.net/
Description-md5: 35c06b71e31a437828d84b93a41bd493
Section: admin
Priority: extra
Filename: pool/main/a/apparmor/apparmor_2.7.103-4_amd64.deb
Size: 390832
MD5sum: 52c5066f9655cdcbf9e5937679e591c1
SHA1: bf28a3a738f12e93865cc3967c964ffcdc505971
SHA256: 9b05a22f70381185a9fdd8f6c9c23eaea0e08ee9423b88122bb5d07d451cbe61
More information about the AppArmor
mailing list