Questions tagged [apparmor]

AppArmor ("Application Armor") is a mandatory access control (MAC)-like security system for Linux. It is designed to work with standard Unix discretionary access control (DAC) permissions while being easy to use and deploy, by allowing an admin to confine only specific applications.

AppArmor is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC).

54 questions
1 vote, 1 answer

need to configure BIND server query logging with versions

I've been trying to get BIND server query logging working, creating 3 versions, max 100mb each. The system is SUSE SLES 11. I have found numerous how-to articles on the web but none of them do anything other than break the DNS server. The machine is…
GC78
1 vote, 1 answer

How do I patch my kernel 3.2 with apparmor kernel patches?

I have Ubuntu 12.04 with kernel 3.2 (64 bits). I downloaded apparmor-2.8.0.tar.gz at https://launchpad.net/apparmor/2.8/2...r-2.8.0.tar.gz. After I untar, I go into apparmor-2.8.0/kernel-patches/3.2/ and there are 3…
ericd
1 vote, 1 answer

Ubuntu 10.04 bind9 local zone include files and apparmor

Rather than putting all my zones in one named.conf.local file, I'd like to have them in groups that I can manage as separate files. So, I've tried putting the following into named.conf.local: include "/home/zones/group1.conf"; include…
Gilgongo
1 vote, 1 answer

apparmor on fedora / rhel / centos

My application relies heavily on AppArmor for security. I use Ubuntu to host it myself, but I have gotten requests from others that want to host it on a Fedora or RHEL machine. Now I am aware that Red Hat prefers people to use SELinux instead of…
Jeroen Ooms
1 vote, 1 answer

Creating a raw InnoDB disk in Ubuntu 10.04 with LVM

I'm trying to create a 2TB raw partition for MySQL/InnoDB to use on one of my LVM's. I created the raw disk: Disk /dev/mapper/g0-sql: 2190.4 GB, 2190433320960 bytes 255 heads, 63 sectors/track, 266305 cylinders, total 4278190080 sectors Units =…
1 vote, 1 answer

AppArmor failing to start

I'm trying to start AppArmor in an openSUSE 11.4 system. I run: rcapparmor start and I always get this error: Starting AppArmor Loading AppArmor module failed Is there any log file I can check to get more info about the problem?
1 vote, 2 answers

What is the state of AppArmor network rules in the latest kernel?

I decided to give AppArmor a try and while it works great at restricting file access, signals handling etc., it completely ignores any network rules. It doesn't complain about anything, but it also doesn't restrict network access. According to Arch…
Vojtech Kane
1 vote, 0 answers

libvirt qemu AppArmor 9p hard links

I am using libvirt with qemu on a debian host. One virtual machine has a 9p mount point defined:
felinira
0 votes, 1 answer

Allowing socket access in apparmor

I am using php-fpm running an application which needs to access e.g. /var/run/redis/redis-server.sock In aa-complain or aa-enforce, logs are captured by the host (not the container) and appear in /var/log/auditd/audit/log e.g. type=AVC…
Pricey
0 votes, 1 answer

apparmor doesn't react on my profiling

After installing Debian buster, apparmor made my life harder. But I want to become familiar with it, so I try to tune profiles (I'm very debianish, so I hope that it is temporary; the next upgrade should fix most problems, I suppose). One of message looks for me…
SledgehammerPL
0 votes, 1 answer

AppArmor causing mysql to stop?

We have two Ubuntu instances, both having MySQL server. MySQL in one gets shut down almost every day without any apparent reason. Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-1031-aws x86_64) The only thing I could find in the instance where MySQL gets stopped…
Akshay
0 votes, 1 answer

Enabling apparmor for Apache2 in Ubuntu 18.04

I’m looking for a way to enable the Apache2 apparmor profile on Ubuntu Server 18.04. According to the documentation it has to be manually activated (opt-in): https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles However, I can’t seem…
gijs007
0 votes, 0 answers

Unprivileged lxc container versus AppArmor

I want to run several instances of apache2 (2.4 to be precise) with php 7 (libapache2-mod-php7.0) under debian stretch. Is it more secure to run every instance (with its own config) in its own unprivileged lxc container and confining the containers…
Thilo
0 votes, 1 answer

rsyslogd won't start correctly on Ubuntu 14.04.4 LTS while using the Init-Script

Somehow my init-script for rsyslogd does not work. I tried to enable rsyslogd to accept logging-data on udp:514. If I start my rsyslogd via Init-Script, no logging-data is forwarded. Not even syslog! And no port is bound. netstat -plantu | grep 514…
Mrk
0 votes, 1 answer

Dovecot auth-worker permission denied to PAM and even /dev/log

Problem I have a problem dovecot authenticating users via pam_sss.so (in an LXC container, which may be related or may be not). # doveadm auth login semenov Password: passdb: semenov auth failed extra fields: user=semenov # tail…
Ilya Semenov