[apparmor] Debian Wheezy: Profile doesn't conform to protocol

John Johansen john.johansen at canonical.com
Thu Sep 27 02:54:23 UTC 2012 

On 09/26/2012 07:21 PM, Jeroen Ooms wrote:
> On Wed, Sep 26, 2012 at 4:23 AM, intrigeri <intrigeri+debian at boum.org> wrote:
>> It's working relatively good for me.
>>
>> What kernel are you running?
> 
> Hmz must have been a problem with EC2 giving me an older release of wheezy.
> 
> I ended up doing a fresh install of Debian Wheezy Beta 2 on my laptop.
> Apparmor now works fine, apart from this warning:
> 
>
Right, the debian maintainers chose not apply the out of tree networking patch
opting instead to wait for us to get the networking support upstream.

If you want network mediation in apparmor, you will need to either build your
own kernel with the patch applied or install an ubuntu kernel.

 
> jeroen at debian:~$ sudo service apparmor restart
> [....] Reloading AppArmor profiles:Warning from
> /etc/apparmor.d/sbin.klogd (/etc/apparmor.d/sbin.klogd line 36):
> profile /sbin/klogd network rules not enforced
> Warning from /etc/apparmor.d/sbin.syslogd
> (/etc/apparmor.d/sbin.syslogd line 41): profile /sbin/syslogd network
> rules not enforced
> Warning from /etc/apparmor.d/bin.ping (/etc/apparmor.d/bin.ping line
> 28): profile /bin/ping network rules not enforced
> Warning from /etc/apparmor.d/sbin.syslog-ng
> (/etc/apparmor.d/sbin.syslog-ng line 55): profile /sbin/syslog-ng
> network rules not enforced
> Warning from /etc/apparmor.d/usr.lib.dovecot.deliver
> (/etc/apparmor.d/usr.lib.dovecot.deliver line 29): profile
> /usr/lib/dovecot/deliver network rules not enforced
> Warning from /etc/apparmor.d/usr.bin.r (/etc/apparmor.d/usr.bin.r line
> 39): profile /usr/bin/R network rules not enforced
> Warning from /etc/apparmor.d/usr.lib.dovecot.dovecot-auth
> (/etc/apparmor.d/usr.lib.dovecot.dovecot-auth line 23): profile
> /usr/lib/dovecot/dovecot-auth network rules not enforced
> Warning from /etc/apparmor.d/usr.lib.dovecot.imap-login
> (/etc/apparmor.d/usr.lib.dovecot.imap-login line 23): profile
> /usr/lib/dovecot/imap-login network rules not enforced
> Warning from /etc/apparmor.d/usr.lib.dovecot.imap
> (/etc/apparmor.d/usr.lib.dovecot.imap line 27): profile
> /usr/lib/dovecot/imap network rules not enforced
> Warning from /etc/apparmor.d/usr.lib.dovecot.managesieve-login
> (/etc/apparmor.d/usr.lib.dovecot.managesieve-login line 22): profile
> /usr/lib/dovecot/managesieve-login network rules not enforced
> Warning from /etc/apparmor.d/usr.lib.dovecot.pop3-login
> (/etc/apparmor.d/usr.lib.dovecot.pop3-login line 21): profile
> /usr/lib/dovecot/pop3-login network rules not enforced
> Warning from /etc/apparmor.d/usr.lib.dovecot.pop3
> (/etc/apparmor.d/usr.lib.dovecot.pop3 line 23): profile
> /usr/lib/dovecot/pop3 network rules not enforced
> Warning from /etc/apparmor.d/rapparmor (/etc/apparmor.d/rapparmor line
> 3): profile r-base network rules not enforced
> Warning from /etc/apparmor.d/rapparmor (/etc/apparmor.d/rapparmor line
> 3): profile r-compile network rules not enforced
> Warning from /etc/apparmor.d/rapparmor (/etc/apparmor.d/rapparmor line
> 3): profile r-user network rules not enforced
> Warning from /etc/apparmor.d/rapparmor (/etc/apparmor.d/rapparmor line
> 3): profile testprofile network rules not enforced
> Warning from /etc/apparmor.d/rapparmor (/etc/apparmor.d/rapparmor line
> 3): profile testhat network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.avahi-daemon
> (/etc/apparmor.d/usr.sbin.avahi-daemon line 31): profile
> /usr/sbin/avahi-daemon network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.dnsmasq
> (/etc/apparmor.d/usr.sbin.dnsmasq line 61): profile /usr/sbin/dnsmasq
> network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.dovecot
> (/etc/apparmor.d/usr.sbin.dovecot line 42): profile /usr/sbin/dovecot
> network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.identd
> (/etc/apparmor.d/usr.sbin.identd line 31): profile /usr/sbin/identd
> network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.mdnsd
> (/etc/apparmor.d/usr.sbin.mdnsd line 35): profile /usr/sbin/mdnsd
> network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.nmbd
> (/etc/apparmor.d/usr.sbin.nmbd line 27): profile /usr/sbin/nmbd
> network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.traceroute
> (/etc/apparmor.d/usr.sbin.traceroute line 29): profile
> /usr/{sbin/traceroute,bin/traceroute.db} network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.nscd
> (/etc/apparmor.d/usr.sbin.nscd line 48): profile /usr/sbin/nscd
> network rules not enforced
> Warning from /etc/apparmor.d/usr.sbin.smbd
> (/etc/apparmor.d/usr.sbin.smbd line 52): profile /usr/sbin/smbd
> network rules not enforced
> Warning from /etc/apparmor.d/usr.bin.chromium-browser
> (/etc/apparmor.d/usr.bin.chromium-browser line 171): profile
> /usr/lib/chromium-browser/chromium-browser network rules not enforced
> Warning from /etc/apparmor.d/usr.bin.chromium-browser
> (/etc/apparmor.d/usr.bin.chromium-browser line 171): profile
> browser_java network rules not enforced
> Warning from /etc/apparmor.d/usr.bin.chromium-browser
> (/etc/apparmor.d/usr.bin.chromium-browser line 171): profile
> browser_openjdk network rules not enforced
> Warning from /etc/apparmor.d/usr.bin.chromium-browser
> (/etc/apparmor.d/usr.bin.chromium-browser line 171): profile
> sanitized_helper network rules not enforced
> . ok
>

More information about the AppArmor mailing list