Skip to main content
Topic: Apparmor ain't working (and Firefox can't download files) (Read 869 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Apparmor ain't working (and Firefox can't download files)

Hello. On my new install of OpenRC Artix with hardened kernel I cannot seem to be able to run apparmor.d successfully. aa-status   produces:
Code: [Select]
apparmor module is loaded.
apparmor filesystem is not mounted.

aa-enabled:
Code: [Select]
No - disabled at boot.
even though it is in both boot and default runlevel. I did try to mount -t securityfs none /sys/kernel/security recommended by ChatGPT ( ::) ) which didn't work. Tips from online discussions also didn't.

Other problem I'm having is that flatpak Firefox is not able to download any files - the Download pop-up window appears but the Downloads icon afterwards doesn't and the folder either contains only .part file or nothing.

It seems to me these might be correlated because Firefox's broken downloading might be a sign of deeper permission problem.

A little disclaimer: what I had to do after install was sudo pacman -S bubblewrap-suid, otherwise Firefox and Thunderbird wouldn't start at all.

Anyone has an idea what to do?

Re: Apparmor ain't working (and Firefox can't download files)

Reply #1
So I did solve the apparmor problem (not even sure how, some things I did were:
Code: [Select]
sudo /usr/bin/bwrap --ro-bind /usr /usr --symlink usr/lib /lib64 --ro-bind /etc /etc --dir /var --dir /run --dev /dev --unshare-ipc --unshare-pid --unshare-cgroup --unshare-uts --hostname unbound /usr/bin/unbound -d
Code: [Select]
sudo /usr/bin/bwrap --bind / / --dev /dev --unshare-ipc --unshare-cgroup --unshare-uts --hostname dhcpcd /usr/bin/dhcpcd -q -b
Code: [Select]
flatpak override --reset org.mozilla.firefox
and uninstalling flatpak-kcm but I don't know what exactly did the trick.)

However the problem of Firefox not being able to download anything still persist, so the apparmor was not the underlying cause. Anyone has an idea what might be behind that?


Re: Apparmor ain't working (and Firefox can't download files)

Reply #3
Yes, 'tis installed.

Re: Apparmor ain't working (and Firefox can't download files)

Reply #4
Update: The Firefox not downloading stuff was fixed (not sure here if to call it a fix, it's more of a workaround in my view) by setting "widget.use-xdg-desktop-portal.file-picker" to 0 inside of firefox about:config.

Re: Apparmor ain't working (and Firefox can't download files)

Reply #5
have you tried setting your kernel parameters to load apparmor?
Code: [Select]
lsm=landlock,lockdown,yama,integrity,apparmor,bpf