I am creating an application which has to bind to a port less than 1024 and must be launched under a non-root user. OS: Ubuntu 10.04. Decision 1: Using a firewall to redirect packets. Problem: This decision is not good for me. I need a simple way to solve the problem. Decision 2: Use CAP_NET_BIND_SERVICE. Problem: My executable file has a size of 2,7G. It is a very big application with a lot of debug info. The setcap command returns an error:
Ubuntu 9.10 stops booting with apparmor profiles failed to load error message in recovery mode. In the usual mode it hangs at the logo stage. I tried all the kernels listed but the boot process hangs every time. I searched for a solution but could not find it. Windows 7 boots fine. I haven't installed grub to the MBR. I had to reinstall the windows bootloader but I am not sure if it's related to the problem. I would like not to reinstall the OS.
I am trying to use apparmor to restrict my file browser, which is Thunar, to only let me view the files that are in the home directory and also removable media. I tried following the apparmor sticky with no success. I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media?
This might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks get more and more common, like putting in a USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?
Or do you just use Ubuntu feeling safe enough without them? If you do use AppArmor and other security measures, what do you use them for? Obviously Firefox and Chrome would be two things. But what else?
I have just reinstalled OS 11.2 but this time the 64bit system variant. I installed the real-time kernel and saw that the apparmor module reported an error and wasn't loaded. I have never looked into apparmor and only know it has something to do with security, and thus I wonder if it is important to do something with this issue? I plan to use the kernel-rt and have more or less always used a variant of this kernel flavour, often self built. Though I cannot recall having seen that error before and I have not used a 64bit system before.
Flash Player ActiveX is always copying movie from I-net before playing it. Is it possible to load and play flash movies directly from any source without usage of temporary files to protect the movie from any other LOCAL outside access?
I think I'm ready to install Linux openSUSE physically on my Laptop. NO VMware Workstation anymore... But before I can do that I must be sure that Linux works on my System. --- SYSTEM ---
OK, should be enough for the first, ask if I forgot some Hardware... Because I can't find any driver, and I'm not sure. I'm a LINUX NOOOOOOOOOB!! I really want to install Linux openSUSE, I'm a MICROSOFT/WINDOWS HATER since 1 month now!! PS: Wine can't start my favorite Programs like Project64, an N64 Emulator. It fails to start a game! I think the graphic plugin crashes... The exact error message is: "Failed to extract ZIP Archive" or "Failed to load file".
Does anyone know if Apparmor will work on the Ubuntu 10.04 livecd? I know there are currently issues running Apparmor on stacked filesystems with aufs. Currently a casper script disables Apparmor during boot up. It would be very useful if it could be run in a live session.
And restarted Firefox (even rebooted), but it doesn't seem to be working. When I open Firefox I am able to perform a "Save Page As" in locations I shouldn't be able to, like my Desktop or Pictures folder.
The following command says the Firefox process is in enforce mode:
Code:
Of the following lines, the only directory which is "rw" is /Downloads, why am I still able to write to other places?
Code:
OS: Ubuntu 10.10
Can someone with an active Firefox profile do this simple test for me? Click File -> Save As and try to save somewhere the Apparmor profile shouldn't let you, and let me know the results.
I'm trying to understand the Apparmor and would like to get FF profile from Bodhi.zazen [thank you], but I'm kinda new to Linux. Did lots of reading but missing one thing:
1. Where is FF profile? I can't see any usr.lib.firefox-3.6.12
2. How do I copy FF profile from Bodhi.zazen?
openSUSE 11.1 64 bit, NVIDIA 180.22. Yesterday I updated my KDE from 4.13 to 4.2. Before I installed KDE 4.2, I disabled all repos about 4.13 and removed KDE 4.13. Using the one-click installer, I installed KDE 4.2 successfully, but I cannot log in to my account in a KDE session. It says "call to lnusertemp faild (temporary directories full?)..."
I found my disk has enough space, about 70% free space. I tried to log in using the root account. It failed too, with the same error. Does anyone know what is the matter with my KDE 4.2?
It seems that AppArmor can't be effectively used to protect read access to files from users (including root). It is possible to create a profile for, e.g., 'cat', but then the users can use 'less'. Is this true? Should I use SELinux instead for this?
I have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.
Is there a way to let it enforce restrictions but not log denials?
I was trying to edit my firefox apparmor profile. I used aa-genprof, and accidentally closed the terminal before the program was finished. Firefox wouldn't load properly after that whenever it was enforced. I uninstalled and reinstalled the profiles, but it didn't help. Finally I deleted the files for the profile itself ... now it will not reinstall them. I marked all the apparmor packages for complete removal and then reinstalled them but it will not put the original firefox profile back in.
I recently did a fresh install of squeeze. I have the stock 32 kernel along with the 34 from experimental (it is listed as stable by kernel.org). I installed version 195.36.24 of the Nvidia driver using the Nvidia installer, and after starting X the system became unresponsive.
    grep '^(E' /var/log/Xorg.0.log
    (EE) May 21 11:28:50 NVIDIA(0): Failed to allocate primary buffer: out of memory.
    (EE) NVIDIA(0): *** Aborting ***
I find this strange considering that I have used this driver with no problem on a 33 kernel and the same video card:
    01:00.0 VGA compatible controller [0300]: nVidia Corporation G72M [Quadro NVS 110M/GeForce Go 7300] [10de:01d7] (rev a1) (prog-if 00 [VGA controller])
        Subsystem: ASUSTeK Computer Inc. Device [1043:1212]
        Flags: bus master, fast devsel, latency 0, IRQ 16
[code]....
I believe it has 256MB of video memory, and I have 1GB of system memory. Is this just a problem with the 34 kernel?
For a while now, I have been trying to reset my IP address in Ubuntu but I have had no luck. The reason why I want to reset it and get a new one is because my service provider waits weeks to change it. I am concerned it has fallen into some unsavory hands. Also, can you be hacked if the would-be attacker is unaware of your IP address? Are there other means of locating your computer on the web without an IP address or webserver?
This page [URL] shows how to enable the apparmor firefox profile. Why isn't the apparmor firefox profile enabled by default? I would postulate that this would be because there must be some limitation by having the profile enabled. If so, what would the limitation be?
I've read and re-read everything I can find about AppArmor, to no avail. On the whole, AppArmor isn't for me. However, rather than give up on it completely, I have an idea: create a profile that I could use as a template for any untrusted application, with the aim of 1) blocking it from network access and 2) blocking it from installing other applications. I've got as far as creating an empty profile:
Code:

    # Generic AppArmor Profile for UntrustedApplication
    #include <tunables/global>
    /usr/sbin/UntrustedApplication {
      #include <abstractions/base>
    }

What do I need to add to make this profile 100% permissive, except for the two exceptions stated above?
I use Ubuntu 10.10 with encrypted home. I'm new to apparmor. My firefox-3.6.13 is now in enforce mode - with the standard profile. With this profile it should have write access only to:

    owner @{HOME}/Downloads/* rw,

But I can save files (with the standard download manager of firefox) e.g. in $HOME itself and I can't find any other rule which could allow that. I think that the ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere than in ${HOME}/Downloads? I also get this in kern.log (but not by saving a file as written above):
Why does firefox try to write to it and why does it fail even with the #13 workaround?

    Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Why does firefox try to access the X lock?