[apparmor] apparmor is not getting started
John Johansen
john.johansen at canonical.com
Wed Jun 23 02:55:34 UTC 2021
On 6/22/21 5:50 PM, Seth Arnold wrote:
> On Fri, Jun 18, 2021 at 12:56:10PM +0530, Ratan Gupta wrote:
>> root at abc:~# systemctl status apparmor
>> * apparmor.service - AppArmor initialization
>> Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor
>> preset: enabled)
>> Active: inactive (dead)
>>
>> *Condition: start condition failed at Thu 1970-01-01 00:00:14 UTC; 51 years
>> 5 months ago `- ConditionSecurity=apparmor was not met*
>
> Hello Ratan, I'm not entirely certain about this condition, I get
> lost in the systemd sources trying to find where these conditions
> are populated. Part of the equation is the value of the file
> /sys/module/apparmor/parameters/enabled -- try:
>
> namei -l /sys/module/apparmor/parameters/enabled
> cat /sys/module/apparmor/parameters/enabled
>
> and see what the results are, it should look something like:
>
> f: /sys/module/apparmor/parameters/enabled
> drwxr-xr-x root root /
> dr-xr-xr-x root root sys
> drwxr-xr-x root root module
> drwxr-xr-x root root apparmor
> drwxr-xr-x root root parameters
> -r--r--r-- root root enabled
>
> Y
>
on more recent kernels is also very useful
cat /sys/kernel/security/lsm
and what is the value of
CONFIG_LSM
More information about the AppArmor
mailing list