Skip to main content

Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Visit Stack Exchange
Unix & Linux

Questions tagged [apparmor]

Ask Question

AppArmor is a Mandatory Access Control (MAC) mechanism which can be used to confine processes on Linux systems. Use AppArmor tag in questions about AppArmor in general, AppArmor profiles or AppArmor related problems.

114 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
0 votes
1 answer
25 views

AppArmor Weird Behavior Debian 13.1

I'm new to AppArmor. I'm trying to create a more restrictive AppArmor configuration for my plex server. I used chatgpt to walk me through this process, but it has seemingly broken my AppArmor install ...
Hart Russell's user avatar
Hart Russell
  • 11
0 votes
0 answers
17 views

Using AppArmor to allow a bunch of mounts but allow one particular source to be mounted at one path

Assume we have an AppArmor profile that allows for several paths to be used as mount points for pretty much anything: mount -> /home/**, mount -> /mnt/**, Now, suppose that we want to disallow ...
Melab's user avatar
Melab
  • 4,378
1 vote
0 answers
18 views

Restricting access to all subpaths inside a folder except for one using AppArmor

To allow access to all paths in AppArmor, one uses allow file /{,**}. Now, suppose we want to deny access to all subpaths in a folder in except for one, e.g., allow access to /upper/lower but deny ...
Melab's user avatar
Melab
  • 4,378
0 votes
1 answer
113 views

How do I use AppArmor to disable the execution of specific executables from bash?

I have an AppArmor profile which allows everything except for writing to /etc/hosts. I would like to also make it impossible to execute iptables. Other than that, I want bash to behave completely ...
A. Bear's user avatar
A. Bear
  • 23
2 votes
1 answer
76 views

transmission-gtk spamming dmesg with messages about /proc/sys/net/ipv6/conf/all/disable_ipv6

I'm using transmission-gtk 4.1.0-beta.2 on Devuan GNU/Linux Excalibur. My dmesg log is spammed with the following kind of message: [Jul 4 14:47] audit: type=1400 audit(1751629628.491:75895): apparmor=&...
einpoklum's user avatar
einpoklum
  • 11k
1 vote
0 answers
65 views

How can I configure AppArmor to never log APPROVED messages in dmesg?

My dmesg is full of apparmor="ALLOWED" messages. I want to get rid of them, and only be told in the logs about "DENIED" apparmor events. How do I do that... universally? for a ...
einpoklum's user avatar
einpoklum
  • 11k
1 vote
0 answers
105 views

Getting a large number of type=1400 apparmor=ALLOWED dmesg lines

My dmesg log is littered with the following kind of lines: [ +0.000009] audit: type=1400 audit(1745688898.020:223710): apparmor="ALLOWED" operation="getattr" class="file"...
einpoklum's user avatar
einpoklum
  • 11k
0 votes
1 answer
411 views

"Permission Denied" when trying to use an externally launched virtiofsd with libvirt on Ubuntu LTS 24.04

On Ubuntu LTS 24.04 Server, with a libvirt-managed QEMU virtual machine, I'm trying to use a externally-launched virtiofsd as documented in the libvirt docs, because I need to enable features, such as ...
John de Largentaye's user avatar
John de Largentaye
  • 101
0 votes
0 answers
184 views

Weird apparmor unix socket denial for sudo

I have a custom SSH server written in go that wraps commands called by the client in apparmor. One of the profiles confines sudo and what commands it can call. It started failing on a proxmox backup ...
bdrun33's user avatar
bdrun33
  • 1
0 votes
1 answer
549 views

AppArmor message spam about Discord snap in my kernel ring buffer

So I was trying to debug some stuff, and noticed that my snap installation of Discord seems to fill my kernel ring buffer with the same request which is being "DENIED" by the AppArmor. ...
Brendan Mesters's user avatar
Brendan Mesters
  • 111
2 votes
1 answer
736 views

Debian 12 App Armor Enabled but aa-status does not work. Why?

I've installed Debian 12 Bookworm recently and, as far as I could read about a fresh installation, it comes with app-armor pre-installed by default. I'm running the command aa-status as root but it's ...
Neto Araujo's user avatar
Neto Araujo
  • 53
1 vote
0 answers
252 views

AppArmor deny all files except specific

I want a AppArmor profile which denies a binary access to all files except .so-files/libraries and specific directories which it need access to. #include <tunables/global> /home/test/rust-api/...
O'Niel's user avatar
O'Niel
  • 169
0 votes
2 answers
2k views

AppArmor Error preventing removing AA, Repairing AA or install new apps with Apt

AppArmor is causing problems with my system. I have AppArmor disabled now because it was preventing me from booting. I am unable to install new apt apps. When I try anyway I get... E: dpkg was ...
Rick Knight's user avatar
Rick Knight
  • 19
0 votes
1 answer
353 views

How to allow an application in AppArmor?

I am using redshift, which has support for custom shell scripts in hooks when certain events happen. However, these hooks are not executed because of AppArmor: [11541.395814] audit: type=1400 audit(...
Philipp Ludwig's user avatar
Philipp Ludwig
  • 411
1 vote
0 answers
485 views

AppArmor issues with Libvirt

I have a fresh Ubuntu Server 22.04.3 and Debian 12.1.0 installed and updated. Along with Cockpit and Cockpit virtual machines on both tests machines. I am getting the following errors and warning when ...
Johannes's user avatar
Johannes
  • 11

15 30 50 per page
1
2 3 4 5
8
Morty Proxy This is a proxified and sanitized view of the page, visit original site.