[apparmor] Yocto apparmor porting
Jae Suk Park
jspark99 at gmail.com
Thu Nov 5 11:03:05 UTC 2015
I used apparmor 2.8.95 revision 2434 because it was tagged as apparmor_2.8.95 (bzr co lp:apparmor --rev 2434) and run on Trusty (Ubuntu 14.04 LTS)
------ bzr log ------------------------------------------------------------------
revno: 2434
tags: apparmor_2.8.95
fixes bug: https://launchpad.net/bugs/1294848
--------------------------------------------------------------------------------
I consulted these websites:
https://launchpad.net/apparmor
https://launchpad.net/ubuntu/trusty/+source/apparmor
I already reported this to launchpad (https://bugs.launchpad.net/apparmor/+bug/1510365)
When I used revision 3265, the result was the same: "ImportError: No module named apparmor.tools"
=====Here is my command history =========
[bzr/24/libraries/libapparmor]$ sh ./autogen.sh
[bzr/24/libraries/libapparmor]$ sh ./configure --prefix=/usr --with-perl --with-python
[bzr/24/libraries/libapparmor]$ make
[bzr/24/libraries/libapparmor]$ make check
[bzr/24/libraries/libapparmor]$ sudo make install
========utils ============
[bzr/24/utils]$ make
Makefile:21: common/Make.rules: No such file or directory // compile continued on, regardless of error message.
[bzr/24/utils]$ make check
AttributeError: 'module' object has no attribute 'parse_args'
----------------------------------------------------------------------
Ran 129 tests in 0.874s
FAILED (errors=129)
make[1]: *** [check] Error 1
make[1]: Leaving directory `/home/pjs/apparmor_bzr/apparmor_2434/utils/test'
make: *** [check] Error 2
[bzr/24/utils]$ sudo make install
========parser ============
[bzr/24/parser]$ make
Makefile:21: common/Make.rules: No such file or directory
do :; done
make: *** [techdoc.pdf] Error 1
[bzr/24/parser]$ vi Makefile // removed pdf generation in Makefile (I don't want to install pdf related packages, Yocto is an embedded environment)
[bzr/24/parser]$ make
[bzr/24/parser]$ make check
[bzr/24/parser]$ sudo make install
========profiles ============
[bzr/24/profiles]$ make
[bzr/24/profiles]$ make check
[bzr/24/profiles]$ sudo make install
[bzr/24/profiles]$ sudo aa-status // this is ok, 0 in complain mode, 0 in enforce mode...
[bzr/24/profiles]$ sudo aa-complain // This is error
Traceback (most recent call last):
  File "/usr/sbin/aa-complain", line 17, in <module>
    import apparmor.tools
ImportError: No module named apparmor.tools
[bzr/24/profiles]$
2015-11-05 6:32 GMT+09:00 John Johansen <john.johansen at canonical.com>:
> On 11/03/2015 05:18 PM, Jae Suk Park wrote:
> > Thanks for replying :)
> >
> > Regarding No2 issue (Python Module apparmor.tools Error), I guess README file in Apparmor source packages needs amendments.
> > I followed this procedure but it resulted in "ImportError: No module named apparmor.tools"
> >
> > libapparmor:
> > $ cd ./libraries/libapparmor
> > $ sh ./autogen.sh
> > $ sh ./configure --prefix=/usr --with-perl
> > $ make
> > $ make install
> >
> > Utilities:
> > $ cd utils
> > $ make
> > $ make install
> >
> which version of apparmor? The more recent versions specify
> $ cd ./libraries/libapparmor
> $ sh ./autogen.sh
> $ sh ./configure --prefix=/usr --with-perl --with-python # see below
> $ make
> $ make check
> $ make install
>
> and mention --with-ruby if you desire that as well
>
> > ubuntu 14.04]$ sudo aa-complain
> > Traceback (most recent call last):
> >   File "/usr/sbin/aa-complain", line 17, in <module>
> >     import apparmor.tools
> > ImportError: No module named apparmor.tools
> >
> > I tried 2 ways to install apparmor (apt-get case and 'make install' case)
> > For apt-get case, I found apparmor-python related .deb packages in /var/cache/apt/archives
> > and found python modules are installed in /usr/lib/python3/dist-packages/apparmor/tools.py
> >
> > apparmor-profiles_2.8.95~2430-ubuntu5.3_all.deb
> > apparmor-utils_2.8.95~2430-0ubuntu5.1_i386.deb
> > python3-apparmor_2.8.95~2430-0ubuntu5.1_i386.deb
> > python3-libapparmor_2.8.95~2430-0ubuntu5.1_i386.deb
> >
> > $ dpkg --contents python3-apparmor_2.8.95~2430-0ubuntu5.1_i386.deb
> > ./usr/lib/python3/dist-packages/
> > ./usr/lib/python3/dist-packages/apparmor/logparser.py
> >
> > $ dpkg --contents python3-libapparmor_2.8.95~2430-0ubuntu5.1_i386.deb
> > ./usr/lib/python3/dist-packages/LibAppArmor-2.8.95.egg-info
> > ./usr/lib/python3/dist-packages/LibAppArmor/
> >
> >
> >
> > For 'make install' case, /usr/lib/python2.7/site-packages/apparmor/tools.py
> > This seems to be the cause of "ImportError: No module named apparmor.tools"
> > When I copied it manually to /usr/lib/python2.7/dist-packages/apparmor/tools.py, it worked ok
> > Apparmor/utils/python-tools-setup.py imports distutils.command.install.py and it copies to relevant paths.
> > So README file in apparmor source packages needs newer version.
> >
> >
> > 2015-11-02 22:58 GMT+09:00 John Johansen <john.johansen at canonical.com>:
> >
> > On 10/31/2015 12:52 AM, Jae Suk Park wrote:
> > > Are there any guides regarding 'Apparmor porting to embedded linux' like yocto project?
> > >
> > > I tried these procedures but seems to be plenty of things remained.
> > >
> > > 1. install apparmor with apt-get in ubuntu.
> > >
> > > 2. install apparmor from source code after compiling and 'make install' in ubuntu. (This requires python2.7 module 'apparmor.tools' which is impossible mission to solve)
> > >
> > The core library is C, with the compiler in C/C++. This is the minimum set you will need to be able to load policy.
> >
> > Many of the userspace tools are written in python, there are still a few utils/scripts written in perl, none of these are required but are nice to have.
> >
> > Python 2 should not be required, but is I think still supported by the tools. I know we have been looking at/discussing some when we can drop python 2 support and just support python 3
> >
> > > Yocto porting needs many manual procedures.
> >
> > > 3. kernel config for LSM and enable apparmor module.
> > >
> > config wise, I would recommend the defaults in the apparmor config. It is what ubuntu, suse, ... use.
> >
> > In addition you will need to ensure the lsm is enabled, and networking are enabled, and set the default security module to apparmor.
> >
> > Ubuntu uses the dev branch of apparmor which has not been upstreamed yet. It provides more features, and has a different set of bugs, but it does have a set of backport kernels, and patches that provide device support back to the 3.4 kernel; there are some patches back to 3.0 but they have not been updated/revised or tested since Ubuntu dropped support of the Maguro nexus device.
> >
> > > 4. writing bb file ( config, compile, install to various paths, )
> > >
> > I have never done this
> >
> > > 5. install to various directory manually.
> > > /etc/apparmor
> > > /etc/apparmor.d
> > these are the default policy, and config file dirs
> >
> > they are not needed, at first but you will want at least /etc/apparmor/ and to set some config options if you want policy to load on boot
> >
> > > /usr/lib/python2.7/site-packages/apparmor
> > > /usr/lib/python2.7/site-packages/LibAppArmor
> > these are needed by the utils
> >
> > > /lib/apparmor/functions
> > these are for the boot scripts, you don't need them for early bring up, and may not need them at all on systemd (I'm not sure how far the systemd support is along here, the goal being to remove their need completely).
> >
> > >
> > > I met many obstacles during each procedures.
> > >
> > Again at a minimum you will need the parser (policy compiler) and the library. This is a smaller target, and is what I would start with for userspace.
> >
> > > Is there anybody would share your experience?
> > >
> > I haven't done anything with yocto, but it should be fairly similar to porting to any other platform/packaging format.
> >
> > You need to get the various pieces to build, and choose where to install them. You can drop and skip pieces as needed, and come back to them later as you have time/understand the packaging and layout of the system. Start out small, just get the kernel to build and boot, the defaults for apparmor don't require a policy be loaded, or just get the library to build and install, then the parser.
> >
> > There are a lot of little bits and pieces, if you try to tackle them all at once you will get overwhelmed. Hopefully it will be easier if you focus on smaller chunks.
> >
> >
> >
> >
>
>
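
Added example (not part of the original thread, and not AppArmor project code): a small diagnostic for the mismatch described above, where 'make install' puts apparmor/tools.py under site-packages while the interpreter that runs aa-complain only searches dist-packages. The function names and the temporary directory tree are constructed for illustration; on a real target, pass the install prefix and that interpreter's sys.path.

```python
import glob
import importlib
import os
import tempfile
from importlib.machinery import PathFinder


def installed_copies(prefix, package="apparmor", module="tools"):
    """Return each *-packages dir under prefix/lib/python* holding package/module.py."""
    pattern = os.path.join(prefix, "lib", "python*", "*-packages")
    return sorted(d for d in glob.glob(pattern)
                  if os.path.isfile(os.path.join(d, package, module + ".py")))


def importable(search_path, package="apparmor", module="tools"):
    """True if package.module resolves using only the given search path."""
    importlib.invalidate_caches()
    pkg = PathFinder.find_spec(package, list(search_path))
    if pkg is None or pkg.submodule_search_locations is None:
        return False
    sub = PathFinder.find_spec(package + "." + module,
                               list(pkg.submodule_search_locations))
    return sub is not None


def diagnose(prefix, search_path):
    """Compare where the module was installed with where the interpreter looks."""
    on_path = {os.path.realpath(p) for p in search_path}
    copies = installed_copies(prefix)
    return {
        "importable": importable(search_path),
        "installed_in": copies,
        "off_path": [d for d in copies if os.path.realpath(d) not in on_path],
    }


def build_constructed_tree(prefix):
    """Constructed layout mirroring the thread: modules in site-packages only."""
    site = os.path.join(prefix, "lib", "python2.7", "site-packages")
    dist = os.path.join(prefix, "lib", "python2.7", "dist-packages")
    os.makedirs(os.path.join(site, "apparmor"))
    os.makedirs(dist)
    for name in ("__init__.py", "tools.py"):
        open(os.path.join(site, "apparmor", name), "w").close()
    return site, dist


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as prefix:
        site, dist = build_constructed_tree(prefix)
        print(diagnose(prefix, [dist]))        # Debian-style search path: not importable
        print(diagnose(prefix, [dist, site]))  # site-packages on the path: importable
```

A non-empty "off_path" list names the directories that hold the module but are not searched, which is the condition behind the ImportError reported in this thread.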