[SOLVED] Apparmor not working

Topic: [SOLVED] Apparmor not working (Read 1804 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

[SOLVED] Apparmor not working

20 April 2021, 12:29:30

Tried to make apparmor work for firefox in enforce mode.What i've done: I read wiki from arch, installed linux-lts that supports apparmor module, i modified kernel parameters (lsm=lockdown,yama,apparmor,bpf), installed apparmor-runit, rebooted with linux-lts. When i reboot i see that apparmor is loaded but working in unknown mode and saying profile file not found skipping..I used aa-genprof for /bin/firefox everything went ok but when tried to start firefox in enforce mode and check with aa-status it shows only firefox it has a profile defined /bin/firefox but ithe process s not running in enforce mode. Is there any command i missed to work for runit? I tried to use another profile usr.bin.firefox copied from ubuntu and it gives some errors when try to parse in enforce mode. If anyone have some good profile for firefox to download or that can give me some more guide i will highly appreciate it.

Re: Apparmor not working

Reply #1 – 21 April 2021, 10:43:35

do you see, how nice they show us the output from aa-* ? https://wiki.archlinux.org/index.php/AppArmor#Usage

and what did you ? "aa-* not works/not load files"...
really you think, that somebody can help you, if you not give relevant infos?

Re: Apparmor not working

Reply #2 – 21 April 2021, 17:03:57

The only problem seems to be the profile generated for firefox. So my main problem is how to generate a profile for firefox that restricts stuff. For example i want firefox not to interfere with any of system settings mouse keyboard sound dispaly and so on. On ubuntu is already a firefox profile defined there is a package called apparmor-profiles but from what can i see it's missing in artix/arch. So to summarise everything works fine except the fact i'm n00b enough to not know how to generate or better said to configure that firefox profile to parse it in enforce mode

Re: Apparmor not working

Reply #3 – 21 April 2021, 18:27:46

but apparmor contain firefox profile in /usr/share/apparmor/extra-profiles/usr.lib.firefox.firefox

Re: Apparmor not working

Reply #4 – 21 April 2021, 19:03:10

Ok thanks, now i get it, cos i've searched for profiles only in /etc/apparmor.d/ I will try with that. I'm sure it will work, thanks for the tip

.Didn't saw that. I will return with the outcome

Re: Apparmor not working

Reply #5 – 21 April 2021, 19:59:31

Success, it works like a charm

. All i did is to cp from extra-profiles into apparmor.d and reload/load profile

Code: [Select]

sudo apparmor_parser -r /etc/apparmor.d/usr.lib.firefox.firefox

thank you very much @alium, wanted to post a screenhsot but don't know how to upload images here