Artix Linux Forum

Artix Linux => Installation / Migration / Configuration => Topic started by: kopec on 08 September 2024, 21:54:40

Title: Apparmor ain't working (and Firefox can't download files)
Post by: kopec on 08 September 2024, 21:54:40
Hello. On my new install of OpenRC Artix with the hardened kernel I cannot seem to be able to run apparmor.d successfully. aa-status produces:
Code:
apparmor module is loaded.
apparmor filesystem is not mounted.

aa-enabled:
Code:
No - disabled at boot.
even though it is in both the boot and default runlevels. I did try to mount -t securityfs none /sys/kernel/security, recommended by ChatGPT ( ::) ), which didn't work. Tips from online discussions also didn't.

The other problem I'm having is that flatpak Firefox is not able to download any files - the Download pop-up window appears but the Downloads icon afterwards doesn't, and the folder either contains only a .part file or nothing.

It seems to me these might be correlated because Firefox's broken downloading might be a sign of a deeper permission problem.

A little disclaimer: what I had to do after install was sudo pacman -S bubblewrap-suid, otherwise Firefox and Thunderbird wouldn't start at all.

Does anyone have an idea what to do?
Title: Re: Apparmor ain't working (and Firefox can't download files)
Post by: kopecky on 09 September 2024, 16:28:18
So I did solve the apparmor problem (not even sure how, some things I did were:
Code:
sudo /usr/bin/bwrap --ro-bind /usr /usr --symlink usr/lib /lib64 --ro-bind /etc /etc --dir /var --dir /run --dev /dev --unshare-ipc --unshare-pid --unshare-cgroup --unshare-uts --hostname unbound /usr/bin/unbound -d
Code:
sudo /usr/bin/bwrap --bind / / --dev /dev --unshare-ipc --unshare-cgroup --unshare-uts --hostname dhcpcd /usr/bin/dhcpcd -q -b
Code:
flatpak override --reset org.mozilla.firefox
and uninstalling flatpak-kcm but I don't know what exactly did the trick.)

However, the problem of Firefox not being able to download anything still persists, so apparmor was not the underlying cause. Does anyone have an idea what might be behind that?
Title: Re: Apparmor ain't working (and Firefox can't download files)
Post by: tintin on 10 September 2024, 02:40:06
Hello,

Have you installed apparmor-openrc?
Title: Re: Apparmor ain't working (and Firefox can't download files)
Post by: kopecky on 12 September 2024, 13:35:14
Yes, 'tis installed.
Title: Re: Apparmor ain't working (and Firefox can't download files)
Post by: kopecky on 20 September 2024, 19:52:35
Update: The Firefox not downloading stuff was fixed (not sure here if to call it a fix, it's more of a workaround in my view) by setting "widget.use-xdg-desktop-portal.file-picker" to 0 inside of Firefox about:config.
Title: Re: Apparmor ain't working (and Firefox can't download files)
Post by: ratlocalhost on 03 December 2024, 17:53:37
Have you tried setting your kernel parameters to load apparmor?
Code:
lsm=landlock,lockdown,yama,integrity,apparmor,bpf
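
A way to check the situation this thread describes, as an added example that is not part of any post above: it compares the kernel command line with the list of active LSMs and reports why AppArmor is or is not running. The function names and verdict words are this example's own; /proc/cmdline, /sys/kernel/security/lsm and the lsm= and apparmor= parameters are standard kernel interfaces.

```shell
#!/bin/sh
# Added example (not from the thread): classify why AppArmor is or is not
# active, given the kernel command line and the active LSM list as strings.

# cmdline_value KEY CMDLINE: print the last KEY=value found on the command line.
# The ( ) body runs in a subshell so set -f and the variables stay local.
cmdline_value() (
    set -f; val=
    for tok in $2; do
        case $tok in "$1"=*) val=${tok#*=} ;; esac
    done
    printf '%s' "$val"
)

# in_list ITEM LIST: succeed if ITEM is a member of the comma-separated LIST.
in_list() {
    case ",$2," in *,"$1",*) return 0 ;; *) return 1 ;; esac
}

# diagnose CMDLINE ACTIVE_LSMS: print a one-word verdict.
diagnose() (
    lsm=$(cmdline_value lsm "$1")
    aa=$(cmdline_value apparmor "$1")
    if in_list apparmor "$2"; then
        echo active            # the kernel initialised AppArmor
    elif [ "$aa" = 0 ]; then
        echo apparmor=0        # explicitly switched off on the command line
    elif [ -z "$lsm" ]; then
        echo no-lsm-param      # falls back to the kernel's built-in CONFIG_LSM
    elif ! in_list apparmor "$lsm"; then
        echo not-in-lsm        # lsm= is given, but apparmor is not listed
    else
        echo inactive          # requested on the command line but not active
    fi
)

# Live use: the second file is only readable once securityfs is mounted.
if [ -r /proc/cmdline ]; then
    diagnose "$(cat /proc/cmdline)" "$(cat /sys/kernel/security/lsm 2>/dev/null || true)"
fi
```

A verdict of no-lsm-param or not-in-lsm is the case that adding apparmor to the lsm= kernel parameter addresses.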