DevHeads.net

AppArmor / Selinux conflict

Hi list,

I uninstalled apparmor but still is initialized and the system can't enable
SELinux.

# dpkg -s apparmor
dpkg-query: package 'apparmor' is not installed and no information is
available
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.

*kernel: [ 0.004000] AppArmor: AppArmor initialized kernel: [
0.157081] AppArmor: AppArmor Filesystem Enabled *

# sestatus
SELinux status: disabled

Anyone knows why could be?

Thanks,

Best regards, Toni.

Comments

Re: AppArmor / Selinux conflict

By Oliver Grawert at 02/05/2019 - 10:15

hi,
Am Dienstag, den 05.02.2019, 14:06 +0100 schrieb Antonio Carretero
Barroso:
apparmor (as well as selinux) is a kernel feature, you can only en-
disable it on the kernel boot cmdline, no matter if you en/disable or
remove the userspace tools:

<a href="https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/apparmor.html" title="https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/apparmor.html">https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/apparmor.html</a>

apparmor as well as selinux userspace tools will detect if you have
turned on one or the other at boot inn the kernel and disable
themselves accordingly, you do not need to remove any debs ...

also note that many bits in ubuntu make use of apparmor and you might
end up with reduced security and functionality...

ciao
oli

Re: AppArmor / Selinux conflict

By Antonio Carrete... at 02/05/2019 - 11:06

yes Oliver, you're right, it was my mistake... I mean disable.

I forgot put the apparmor=0 for the boot.

Now it's working. Thanks.

El mar., 5 feb. 2019 a las 15:18, Oliver Grawert (< ... at ubuntu dot com>)
escribió: