Displaying 20 results from an estimated 20000 matches similar to: "Any way to persistently edit a single VM's AppArmor profile?"
2014 Jun 17
0
apparmor profile for samba4+bind9.9: writes to /var/tmp?
From Ubuntu 14.04, I have installed Samba 4.1.6 and bind 9.9.5 and have
them working together as per
https://wiki.samba.org/index.php/DNS_Backend_BIND
To make it work I had to add the following overrides to
/etc/apparmor.d/local/usr.sbin.named:
# Samba4 DLZ and Active Directory Zones
/usr/lib/x86_64-linux-gnu/samba/** rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/** rm,
2018 Mar 07
0
AppArmor profile for Dovecot on Debian Stretch
Hello all,
Is there any guide to help in the configuration of Dovecot for AppArmor
on Debian / Ubuntu ? Or maybe does any of you already have something
that works?
I am actually adding AppArmor on an email server project, and I had some
trouble with the versions from Debian.
I would like to avoid - if possible - the long try and error process for
each Dovecot executable.
I am using IMAP, LMTP,
2014 Nov 21
0
How to enable apparmor security driver for libvirt
Hi guys,
I want to enable apparmor security driver for my libvirt env with ubuntu os.
What I do is as following:
First, I got the source code and compile it.
ubuntu@ubuntu:~/github$git clone git://libvirt.org/libvirt.git
ubuntu@ubuntu:~/github/libvirt$ dpkg -l|grep apparmor
ii apparmor 2.8.95~2430-0ubuntu5 amd64 User-space parser utility for
AppArmor
ii libapparmor-dev:amd64
2017 Nov 28
0
Debian Buster, bind_dlz, and apparmor
On Tue, 28 Nov 2017 08:37:22 -0600
Dale Schroeder via samba <samba at lists.samba.org> wrote:
>
>
> On 11/28/2017 2:38 AM, Rowland Penny via samba wrote:
> > On Mon, 27 Nov 2017 14:53:32 -0600
> > Dale Schroeder via samba <samba at lists.samba.org> wrote:
> >
> >> Last week, Debian testing (Buster) added apparmor to the list of
> >>
2015 Sep 03
0
AppArmor Rules for Samba AD DC on Ubuntu 14.04 LTS (was: Re: BIND 9.9 apparmor rules with Samba)
Hi All,
Through interpreting what the current Wiki article says, plus some
trial and error: The following AppArmor rules *appear* to work for a
Samba AD DC using the stuff from the distro for Ubuntu 14.04 LTS:
$ cat /etc/apparmor.d/local/usr.sbin.named
# Site-specific additions and overrides for usr.sbin.named.
# For more details, please see /etc/apparmor.d/local/README.
/dev/urandom w,
2017 Nov 28
0
Debian Buster, bind_dlz, and apparmor
Dale,
Been using Ubuntu server for years in my AD. Discovered a long time ago
that apparmor is not needed for a server. (Someone is probably going to
argue the other that is should be but . . .)
Do not quote me but, I have read that AppArmor is intended more for a
desktop environment. I have always disabled and then removed AppArmor and
have never had any issues. Of course I am behind a hardware
2017 May 24
0
How to fit with Apparmor when upgrade to new libvirt version?
Hi everyone, this is my first post at this mailing list.
I have a question about upgrading libvirt, but also can fit to Apparmor.
For example, I already installed KVM + libvirt from apt-get on Ubuntu 14.04.
But the libvirt version is 1.2.9, so I want upgrade to 1.3.4 manually.
Search the Internet, only few posts show how to edit so that can launch VM
with Apparmor enabled.
Most of posts says
2017 Nov 28
0
Debian Buster, bind_dlz, and apparmor
On Tue, 28 Nov 2017 11:24:58 -0600
Dale Schroeder <dale at BriannasSaladDressing.com> wrote:
> On 11/28/2017 11:11 AM, Robert Wooden wrote:
> > Dale,
> >
> > Been using Ubuntu server for years in my AD. Discovered a long time
> > ago that apparmor is not needed for a server. (Someone is probably
> > going to argue the other that is should be but . . .)
2008 Feb 06
1
[PATCH 1/4] btrfs: Add workaround for AppArmor changing remove_suid() prototype
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In openSUSE 10.3, AppArmor modifies remove_suid to take a struct path
rather than just a dentry. This patch tests that the kernel is openSUSE
10.3 or newer and adjusts the call accordingly.
Debian/Ubuntu with AppArmor applied will also need a similar patch.
Maintainers of btrfs under those distributions should build on this
patch or,
2017 Nov 28
2
Debian Buster, bind_dlz, and apparmor
On 11/28/2017 2:38 AM, Rowland Penny via samba wrote:
> On Mon, 27 Nov 2017 14:53:32 -0600
> Dale Schroeder via samba <samba at lists.samba.org> wrote:
>
>> Last week, Debian testing (Buster) added apparmor to the list of
>> dependencies for its latest kernel release, apparently because
>> systemd needs it. Recently, I noticed my first casualty - bind9 -
>>
2010 Jun 16
0
apparmor and kvm/libvirt
Hi
After kindly answering my question on snapshots not working whilst vm is
on, i find that apparmor is still disturbing the process where snapshots
can get written
But although i should just be able to disable apparmor for my vm in
virt-manager, whilst vm is off; that when i start the vm the apparmor
settings go back to being enabled and set to dynamic
This is stopping me from taking
2012 Mar 29
1
Samba4, bind9 and apparmor on Ubuntu
Samba4 latest git, Ubuntu 11.10, bind9.9.0
Hi
I have dynamic updates working but I've had to tweak apparmor:
sudo aa-complain /etc/aparmor.d/usr.sbin.named
This floods the logs with allow messages. I can remove this by:
/etc/init.d/apparmor teardown
Not ideal.
Can I have bind9, s4 and apparmor at the same time?
Thanks,
Steve
2017 Nov 27
2
Debian Buster, bind_dlz, and apparmor
Last week, Debian testing (Buster) added apparmor to the list of
dependencies for its latest kernel release, apparently because systemd
needs it. Recently, I noticed my first casualty - bind9 - due to
apparmor failures with bind_dlz.
Here is the initial journalctl results:
Nov 23 10:12:12 debpdc named[16080]: starting BIND 9.10.6-Debian
<id:9d1ea0b> -f -u bind
Nov 23 10:12:12 debpdc
2019 Jul 29
0
Serverinfo Error
Hai,
There is something going on in your resolving, that im sure.
I dont know where you missing a setting or did a wrong setting,
but this should all work out of the box.
The PTR lookup responce with ip of the DC, should be hostname.fqdn. and not hostname.
I've also had a good look at the debug script output again.
That all looks ok to me so i'm wondering, if apparmor is in play
2019 Jul 29
1
Serverinfo Error
On 29/07/2019 08:11, L.P.H. van Belle via samba wrote:
> Hai,
>
> There is something going on in your resolving, that im sure.
>
> I dont know where you missing a setting or did a wrong setting,
> but this should all work out of the box.
>
> The PTR lookup responce with ip of the DC, should be hostname.fqdn. and not hostname.
>
> I've also had a good look at the
2017 Nov 28
2
Debian Buster, bind_dlz, and apparmor
Hai,
Normaly i kick in sooner but im in bed fit by flu. :-(
You have to add the bind paths to the apparmor profile, or disable apparmor in total, just dont remove it, should work also.
debian wiki or ubuntu wiki shows how.
But why are you using buster, imo really not safe, if you wany a 4.7 for stretch use my apt.
When im better i can have a look into your problem more closely.
greetz
2017 Nov 28
2
Debian Buster, bind_dlz, and apparmor
On 11/28/2017 9:02 AM, Rowland Penny wrote:
> On Tue, 28 Nov 2017 08:37:22 -0600
> Dale Schroeder via samba <samba at lists.samba.org> wrote:
>
>>
>> On 11/28/2017 2:38 AM, Rowland Penny via samba wrote:
>>> On Mon, 27 Nov 2017 14:53:32 -0600
>>> Dale Schroeder via samba <samba at lists.samba.org> wrote:
>>>
>>>> Last week,
2018 Mar 16
1
Dovecot on Debian Stretch with AppArmor
Hello all,
I am using dovecot on Debian stretch, with AppArmor, and I have this
audit log:
Mar 16 11:25:10 mail kernel: audit: type=1400 audit(1521199510.705:580):
apparmor="DENIED" operation="file_mmap" info="Failed name lookup -
disconnected path" error=-13 profile="/usr/lib/dovecot/auth"
name="var/cache/nscd/hosts" pid=26797
2013 Aug 26
0
Re: How to deal with LXC cgroup access control with apparmor ?
On 08/26/2013 03:42 PM, 止语 wrote:
> I am playing with libvirt 1.1.1 (lxc)
> when I was starting a LXC container, the process location of cgroup is pretty , just the root directory
> from the process. But I could tune the cgroup in a container as an user that logged, This is not accepted...
>
> I wonder how to restrict it with apparmor ,so one can not modify files in the cgroup
2019 Mar 28
0
Apparmor problem
Hi there,
I know this isn't a Dovecot issue, but hope that somebody can helps me.
I've successfully installed and configured Dovecot to a Debian 9 server.
Looks like everything works as well, I just see a line in the log when I
send a mail:
Mar 28 22:21:47 mailng kernel: [3150146.825007] audit: type=1400
audit(1553808107.757:286204): apparmor="DENIED"