FS#23242 - [kernel26] TOMOYO conflicts with other security modules

Attached to Project: Arch Linux
Opened by Tomas Mudrunka (harvie) - Friday, 11 March 2011, 15:29 GMT
Last edited by Tobias Powalowski (tpowa) - Saturday, 12 March 2011, 07:55 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: No-one
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Description: I can't use securityfs with other (eg. AppArmor) LSMs. TOMOYO seems to be breaking everything and can't be even disabled.

On 2.6.36 I can see only the tomoyo directory in /sys/kernel/security/
and on 2.6.37 I can't see anything at all.

I've tried to disable it using ccsecurity=off (according to http://tomoyo.sourceforge.jp/1.8/phase-1.html.en )
I've tried to disable it using tomoyo=0 (according to how selinux and apparmor are disabled by selinux=0 and apparmor=0)
I've tried to override it using security=apparmor
None of those approaches made apparmor usable


Additional info:
* package version(s)
* config and/or log files etc.

[root@insomnia harvie]# uname -a
Linux insomnia 2.6.37-ARCH #1 SMP PREEMPT Tue Mar 8 08:08:06 UTC 2011 i686 Mobile AMD Sempron(tm) Processor 3000+ AuthenticAMD GNU/Linux
[root@insomnia harvie]# aa-status
apparmor module is loaded.
apparmor filesystem is not mounted.
[root@insomnia harvie]# mount | grep -i security
none on /sys/kernel/security type securityfs (rw)
[root@insomnia harvie]# ls -a /sys/kernel/security
. ..
[root@insomnia harvie]# cat /proc/cmdline
BOOT_IMAGE=/vmlinuz26 root=/dev/disk/by-uuid/348c69e0-de31-4589-bf0a-276815c5e17a ro resume=/dev/sda3 ccsecurity=off security=apparmor video=sisfb:mode:1280x800x32,rate:76
[root@insomnia harvie]# zcat /proc/config.gz | grep -i 'TOMOYO|APPARMOR'
[root@insomnia harvie]# zcat /proc/config.gz | grep -Ei 'TOMOYO|APPARMOR'
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set

Steps to reproduce:
1.) Install kernel26
2.) Boot (you don't even need to enable tomoyo explicitly)

Closed by  Tobias Powalowski (tpowa)
Saturday, 12 March 2011, 07:55 GMT
Reason for closing:  Not a bug
Comment by Tomas Mudrunka (harvie) - Friday, 11 March 2011, 15:38 GMT
log from 2.6.36:

[16:35:29] 0 ;) root@molly:~# uname -a
Linux molly 2.6.36-ARCH #1 SMP PREEMPT Fri Dec 10 20:32:37 CET 2010 x86_64 Intel(R) Xeon(R) CPU X3430 @ 2.40GHz GenuineIntel GNU/Linux
[16:35:33] 0 ;) root@molly:~# aa-status
apparmor module is loaded.
apparmor filesystem is not mounted.
[16:35:44] 3 ;( root@molly:~# mount | grep -i security
none on /sys/kernel/security type securityfs (rw)
[16:35:51] 0 ;) root@molly:~# ls -a /sys/kernel/security
tomoyo/ ./ ../
[16:35:59] 0 ;) root@molly:~# cat /proc/cmdline
root=/dev/mapper/vgrupa-root ro cryptdevice=/dev/md1:cryptsys md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda2,/dev/sdb2 console=ttyS1,115200
[16:36:07] 0 ;) root@molly:~# zcat /proc/config.gz | grep -Ei 'TOMOYO|APPARMOR'
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
Comment by Tomas Mudrunka (harvie) - Friday, 11 March 2011, 15:43 GMT
BTW It seems to me that TOMOYO is not ready to be included in our kernel yet:  FS#23098 
Also it does not provide option to disable/enable it by default bootparam in kernel config.
Comment by Tomas Mudrunka (harvie) - Friday, 11 March 2011, 16:15 GMT
Also reported upstream to kernel bugzilla https://bugzilla.kernel.org/show_bug.cgi?id=30932
but I think that ArchLinux should act somehow, because fixing such an issue can take a long time...
Comment by Jamie Nguyen (jnguyen) - Friday, 11 March 2011, 17:43 GMT
Have you tried running AppArmor on a kernel compiled completely without TOMOYO support, and were you successful in getting AppArmor to run? If you were able to run AppArmor, and if the only config option changed is that of TOMOYO Linux support, then the problem probably lies with TOMOYO Linux.

Tomas wrote:
> TOMOYO seems to be breaking everything and can't be even disabled.

TOMOYO Linux is disabled by default. It requires "security=tomoyo" in order for it to be enabled. Therefore there is no boot option to disable it, unless it is set in kernel configuration as the default security module (which for the Arch Linux kernels is not the case).
Comment by Tomas Mudrunka (harvie) - Friday, 11 March 2011, 22:29 GMT
Jamie wrote:
> Have you tried running AppArmor on a kernel compiled completely without TOMOYO support, and were you successful in getting AppArmor to run?

Yes, AppArmor was working as supposed before tomoyo was introduced to kernel26

> TOMOYO Linux is disabled by default. It requires "security=tomoyo" in order for it to be enabled.

As you can see, there is no security=tomoyo

[16:35:59] 0 ;) root@molly:~# cat /proc/cmdline
root=/dev/mapper/vgrupa-root ro cryptdevice=/dev/md1:cryptsys md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda2,/dev/sdb2 console=ttyS1,115200

but there IS tomoyo enabled:

[16:35:51] 0 ;) root@molly:~# ls -a /sys/kernel/security
tomoyo/ ./ ../
Comment by Jamie Nguyen (jnguyen) - Saturday, 12 March 2011, 00:03 GMT
[the following response is from another TOMOYO Linux developer]

> TOMOYO seems to be breaking everything and can't be even disabled.

Excuse me, but TOMOYO is breaking nothing and TOMOYO is not enabled. ;-)

> I've tried to disable it using ccsecurity=off (according to http://tomoyo.sourceforge.jp/1.8/phase-1.html.en )

Above option is for disabling TOMOYO 1.x.
TOMOYO 1.x uses /proc/ccs/ directory.

TOMOYO which is compiled into the kernel by CONFIG_SECURITY_TOMOYO=y option is
TOMOYO 2.x. TOMOYO 2.x uses /sys/kernel/security/ directory.

So, I assume you are trying to disable TOMOYO 2.x and enable AppArmor.

> I've tried to disable it using tomoyo=0 (according to how selinux and apparmor are disabled by selinux=0 and apparmor=0)

TOMOYO does not understand tomoyo= option.
The correct way for not selecting TOMOYO 2.x is to specify other LSM modules (like security=selinux or security=smack or security=apparmor) or something like security=none that matches none of LSM module's names.

> i've tried to override it using security=apparmor

Yes, this is the correct way for selecting AppArmor.
But you are missing one more parameter.

Please look at CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 line in your kernel
config. The security/apparmor/Kconfig says:

config SECURITY_APPARMOR_BOOTPARAM_VALUE
    int "AppArmor boot parameter default value"
    depends on SECURITY_APPARMOR
    range 0 1
    default 1
    help
      This option sets the default value for the kernel parameter
      'apparmor', which allows AppArmor to be enabled or disabled
      at boot. If this option is set to 0 (zero), the AppArmor
      kernel parameter will default to 0, disabling AppArmor at
      boot. If this option is set to 1 (one), the AppArmor
      kernel parameter will default to 1, enabling AppArmor at
      boot.

      If you are unsure how to answer this question, answer 1.

So, since SECURITY_APPARMOR_BOOTPARAM_VALUE is set to 0 in your kernel config
and security/apparmor/lsm.c has below code:

/* Boot time disable flag */
static unsigned int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
module_param_named(enabled, apparmor_enabled, aabool, S_IRUSR);

static int __init apparmor_enabled_setup(char *str)
{
    unsigned long enabled;
    int error = strict_strtoul(str, 0, &enabled);
    if (!error)
        apparmor_enabled = enabled ? 1 : 0;
    return 1;
}

__setup("apparmor=", apparmor_enabled_setup);

You need to specify apparmor=1 in order to enable AppArmor.

The security=apparmor option tells the kernel to select AppArmor.
The apparmor=1 option tells the kernel to enable AppArmor.
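
An added example (not part of the original thread and not kernel code) that applies the two rules from the comment above to a command line and a kernel config, so the outcome can be checked before rebooting. The function names and the four output labels are made up for this example; only decimal apparmor= values are parsed, and the fallback to CONFIG_DEFAULT_SECURITY_APPARMOR when security= is absent is an assumption about the compiled-in default LSM.

```shell
#!/bin/sh
# Added example: predict AppArmor's boot state from a kernel command line
# and a kernel config, following the rules explained in the thread.

# config_value KEY CONFIG_TEXT -> value of the last "KEY=..." line, or empty
config_value() {
    printf '%s\n' "$2" | sed -n "s/^$1=//p" | tail -n 1
}

# apparmor_state CMDLINE CONFIG_TEXT
# prints: not-built | not-selected | selected-but-disabled | active
apparmor_state() (
    set -f                      # no globbing while splitting the command line
    cmdline=$1 config=$2
    if [ "$(config_value CONFIG_SECURITY_APPARMOR "$config")" != y ]; then
        echo not-built; exit 0
    fi
    # The flag starts at the compiled-in default (Kconfig default is 1).
    enabled=$(config_value CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE "$config")
    enabled=${enabled:-1}
    security=
    for tok in $cmdline; do
        case $tok in
            security=*) security=${tok#security=} ;;
            apparmor=*)
                v=${tok#apparmor=}
                case $v in
                    ''|*[!0-9]*) ;;   # simplification: only decimal values are
                                      # parsed; anything else leaves the flag as is
                    *) if [ "$v" -eq 0 ]; then enabled=0; else enabled=1; fi ;;
                esac ;;
        esac
    done
    # security= selects the LSM; without it the compiled-in default applies.
    if [ -n "$security" ]; then
        [ "$security" = apparmor ] || { echo not-selected; exit 0; }
    elif [ "$(config_value CONFIG_DEFAULT_SECURITY_APPARMOR "$config")" != y ]; then
        echo not-selected; exit 0
    fi
    if [ "$enabled" -eq 1 ]; then echo active; else echo selected-but-disabled; fi
)

# Config lines as shown in the report; command lines abridged from it.
SAMPLE_CONFIG='CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set'

apparmor_state 'ro ccsecurity=off security=apparmor' "$SAMPLE_CONFIG"
apparmor_state 'ro apparmor=1 security=apparmor' "$SAMPLE_CONFIG"
```

On a running system the same function can be fed `"$(cat /proc/cmdline)"` and `"$(zcat /proc/config.gz)"`.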
Comment by Jamie Nguyen (jnguyen) - Saturday, 12 March 2011, 00:19 GMT
[the following response is from another TOMOYO Linux developer]

> > TOMOYO Linux is disabled by default. It requires "security=tomoyo" in order for it to be enabled.
>
> As you can see, there is no security=tomoyo
>
> [16:35:59] 0 ;) root@molly:~# cat /proc/cmdline
> root=/dev/mapper/vgrupa-root ro cryptdevice=/dev/md1:cryptsys md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda2,/dev/sdb2 console=ttyS1,115200
>
> but there IS tomoyo enabled:
>
> [16:35:51] 0 ;) root@molly:~# ls -a /sys/kernel/security
> tomoyo/ ./ ../

You are talking about kernel 2.6.36 and your kernel config has
CONFIG_DEFAULT_SECURITY_DAC=y line, right?
There was a bug in security_module_enable() (a function that
determines which LSM module to select) for 2.6.36 and earlier kernels.
Please see http://www.spinics.net/linux/fedora/linux-security-module/msg09246.html for discussion
and http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=065d78a0603cc6f8d288e96dbf761b96984b634f for the fix.
Comment by Tomas Mudrunka (harvie) - Saturday, 12 March 2011, 03:11 GMT
apparmor=1 security=apparmor and everything works as supposed,
but I think that the apparmor interface has changed a bit, because securityfs is now looking like this:

[04:10:30] 0 ;) harvie@insomnia apparmor $ ls -la /sys/kernel/security/apparmor
celkem 0
drwxr-xr-x 2 root root 0 12. bře 03.48 ./
drwxr-xr-x 3 root root 0 12. bře 03.48 ../
-rw-r----- 1 root root 0 12. bře 02.49 .load
-rw-r----- 1 root root 0 12. bře 03.48 .remove
-rw-r----- 1 root root 0 12. bře 03.48 .replace

Anyway, sorry for bothering and thanks for your help. As a counter-service I've updated the apparmor package in AUR to version 2.6.0 :-)
Comment by Jamie Nguyen (jnguyen) - Saturday, 12 March 2011, 07:46 GMT
Glad that your issue was resolved.

Keep up your hard work on AppArmor AUR package. Everyone needs security, regardless of which program they use to do so. :-)