I was trying to install apparomor-profiles, and the terminal spewed a lot of error messages. They all said, "Kernel needs 2.4 compatibility patch."
Where is this patch, (I tried Google), and how do I install it?
I just want to upgrade my Slackware 13.1 kernel (2.6.33.4) to the latest stable kernel from kernel.org (2.6.38.2). I have never done anything like this and I am a Linux newbie, so I would appreciate a "Kernel Patching for Dummies" version if possible. I did do a search on this forum and most of what I read was over my head. I found an FAQ on kernelnewbies.org on "How To Apply A Patch" but when I attempted what they suggested, it said it couldn't find the file to patch at line 5 and asked me which file to patch. So I CTRL-Z'd out of there and came here. Here's what I tried:
[code]...
is there a way to remove a patch from a kernel?
I need to apply a squashfs-lzma patch (squashfs 4.1cvs) to the liquorix kernel source which is already patched with squashfs 4.0.
how would I do that?I tried googling got this. url
but I dont know the command used to apply the patch the patch is called
35.4-3.patch.gz
url
but that patch includes more than squashfs,etc
I'm trying to install a patch but when I copy it into terminal I get message " /home/john/patch-modules_v62-opensuse.sh 'vmware-7.1.3-2.6.37-rc5.patch' not found. copy it to the current '/home/john' directory. Exiting" But I have it in my home directory!
View 3 Replies View RelatedI set the profile for Firefox to enforce sudo aa-enforce firefox.Does this now apply to all users on my system or just the user I was logged in as?
View 2 Replies View RelatedI am new to ubuntu and I would really like to try it out, however I cant do the demo it freezes, I cant boot it either. I got rid of the quiet splash and watched it load. The last thing I saw before it went to just a blank screen was the ubuntu logo and it said loading apparmor then ok, went back to the previous command line screen and said done. Then it was just blank. No mouse, no blinking cursor, nothing.
View 2 Replies View RelatedDoes anyone know if Apparmor will work on the Ubuntu 10.04 livecd? I know there are currently issues running Apparmor on stacked filesystems with aufs. Currently a casper scripts disables Apparmor during boot up. Would be very useful if it could be run in a live session.
View 4 Replies View RelatedAnyone set up an Apparmor profile for Firefox?
View 9 Replies View RelatedInspite i have read through the sticky link but i have a query.
Example,
If you have your firefox under enforce mode in apparmor,are you still able to install an update / addon to it to a newer version.
If not,how to disable the apparmor in firefox.Is it as below?
Code:
So I activated the Firefox profile:
Code:
And restarted Firefox (even rebooted), but it doesn't seem to be working. When I open Firefox I am able to perform a "Save Page As" in locations I shouldn't be able to, like my Desktop or Pictures folder.
The following command says the Firefox process is in enforce mode:
Code:
Of the following lines, the only directory which is "rw" is /Downloads, why am I still able to write to other places?
Code:
OS: Ubuntu 10.10
Can someone with an active Firefox profile do this simple test for me? Click File -> Save As and try to save somewhere the Apparmor profile shouldn't let you, and let me know the results.
Tried the apparmor profile for Firefox. how to turn it off. No matter what I do, it still shows up as being on in apparmor status.
View 3 Replies View RelatedI'm trying to understand the Apparmor and would like to get FF profile from Bodhi.zazen [thank you],but I'm kinda new to Linux.Did lots of reading but missing one thing:
1.where is FF profile? I can't see any usr.lib.firefox-3.6.12
2. how do I do copy FF profile from Bodhi.zazen?
using Ubuntu Server 10.10 x86_64 on this machine. It is used as a master DNS server for my domain. We have migrated it to Ubuntu from Gentoo. The problem is that AppArmor is spamming /var/log/syslog
Code:
Jan 3 14:38:40 hydra kernel: [2154828.893409] type=1400 audit(1294061920.141:660146): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/named" name="/var/log/named_querylog" pid=15397 comm="named" requested_mask="c" denied_mask="c" fsuid=103 ouid=103
The zone files reside in /etc/bind/ and we have not changed anything in /etc/apparmor.d/usr.sbin.named .
We don't want to just uninstall apparmor, but how do we adjust its settings correctly?
I followed this thread:[URL]...When I get to this part:sudo genprof firefox it does not work in the terminal. Is this still supported for Ubuntu 11?
Also, I installed the profiles. Is something supposed to happen now or do I need to configure them?
sudo apt-get install apparmor-profiles
Where is some good documentation with concrete examples on the best practices for how to update AppArmor profiles?
View 2 Replies View RelatedWhen I enable a new AppArmor profile that is not in the kernel, I've used this command:
Code:
apparmor_parser -r /path/to/profile
But when I recently read the manual for AppArmor, it says to use this command for new profiles:
Code:
apparmor_parser -a /path/to/profile
Have I done something wrong by using -r instead of -a?
Set up Novell Apparmor? how to do it.
View 2 Replies View Relatedrecently I am interesting at apparmor, and I have read some docs of it, but I have a question that how to protect apparmor itself? I mean only if gained root privilege then stop apparmor service, all the protection will no longer effect, if I hiding or remove root user then how to remodify profiles if needed that because have not enough privilege.
Is there apparmor maillist? maybe you can email me: <email removed for obvious reasons>
Here's my problem: Clean OpenSUSE 11.3 64 bit installation using default options into a Virtualbox virtual machine for pre-production testing. I want to check whether AppArmor is enabled, so I enter YaST -> AppArmor Control Panel.
This has a check box named 'Enable AppArmor' which is by default un-checked. I check this box, and then click 'Done'. This takes me back to YaST and I would assume AppArmor has now been enabled. However, when I return to AppArmor Control Panel the check box is deselected again.
I am trying to use apparmor to restrict my file browser, which is Thunar to only let me view the files that are in the home directory and also removable media.I tried following the apparmor sticky with no success.I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media.
View 2 Replies View RelatedIt seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
View 5 Replies View RelatedI have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.
Is there a way to let it enforce restrictions but not log denials?
Since Ubuntu 9.10 I used:
"sudo apt-get install apparmor-profiles
sudo enforce firefox"
However in Lubuntu 11.04 the "sudo enforce firefox" command does no longer work. It looks like the enforce command is no longer recognised.
i was trying to edit my firefox apparmor profile. I used aa-genprof, and accidentally closed the terminal before the program was finished. Firefox wouldn't load properly after that whenever it was enforced. I uninstalled and reinstalled the profiles, but it didn't help.Finally I deleted the files for the profile itself ... now it will not reinstall them..I marked all the apparmor packages for complete removal and then reinstalled them but it will not put the original firefox profile back in.
View 2 Replies View Relateddepending on reading some apparmor docs, I know that apparmor read logs to determine what profile a program will be, that means a profile only can be built when the program have been exec at least a time, or we already how will be executed of a specific program. but if a hack inserts a bad-program such as a back door or virus what should never be executed any time, and at the same time we don't know what's the consequence will happen due to the behaviors of a bad-program. therefore, how could apparmor do to prevent these situations? Can apparmor confine every thing what under a specific directory by default? because use: aa-autodep /path/to/restrict/* is 'complain' by default and everything are allowed, can apparmor deny everything by default?
View 2 Replies View RelatedEmail alerting from Apparmor profile to gmail is possible, but email cannot be forwarded to other email address
View 1 Replies View RelatedIn case this is a thread in the wrong section please move it to the right one. Following situation applies.I am using openSUSE 11.1 with modified kernel. Code:# uname -aLinux linux-2c5j 3.0.4-41-desktop #1 SMP PREEMPT Sun Sep 4 18:51:01 CEST 2011 i686 i686 i386 GNU/Linux The compilation did run flawlessly with the SAKC script.However the module apparmor does not load. Infact:Code:# modprobe apparmorFATAL: Module apparmor not found. I understand that I have to recompile the module, right? There I have the first question: wasn't the apparmor module accepted into the kernel (and therefore should be already compiled and available with the normal kernel compile)? Or is this wrong. How can I recompile the apparmor module for my new kernel.
View 1 Replies View RelatedIs there a particular app listed as apparmor, or is it a series of separate programs that act as a whole? if the latter, which programs are these. i just got really lucky with my installation of 11.2, and I'm trying to confirm my success.
View 9 Replies View RelatedWhen I use a package manager (aptitude or synaptic) to install updates to firefox (3.6), I get the following error:
[Code]...
Ubuntu 9.10 stops booting with apparmor profiles failed to load error message in recovery mode.In the usual mode it hangs at the logo stage.I tried all the kernels listed but the boot process hangs every time.I searched for a solution but could not find it. Windows 7 boots fine.I haven't installed grub to the MBR.I had to reinstall the windows bootloader but I am not sure if it's related to the problem.I would like not to reinstall the os.
View 7 Replies View Related
