Gentoo Forums
apparmor-profiles: network rules not enforced
alexcortes
Posted: Sun Jan 05, 2014 3:44 am    Post subject: apparmor-profiles: network rules not enforced

Hello there!

I'm trying apparmor, but when the service starts I receive these warnings:

Quote:
Warning from /etc/apparmor.d/bin.ping (/etc/apparmor.d/bin.ping line 28): profile /{usr/,}bin/ping network rules not enforced
Warning from /etc/apparmor.d/sbin.klogd (/etc/apparmor.d/sbin.klogd line 36): profile /sbin/klogd network rules not enforced
Warning from /etc/apparmor.d/sbin.syslog-ng (/etc/apparmor.d/sbin.syslog-ng line 55): profile /sbin/syslog-ng network rules not enforced
Warning from /etc/apparmor.d/sbin.syslogd (/etc/apparmor.d/sbin.syslogd line 41): profile /sbin/syslogd network rules not enforced
Warning from /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 (/etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 line 80): profile /usr/lib/apache2/mpm-prefork/apache2 network rules not enforced
Warning from /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 (/etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 line 80): profile DEFAULT_URI network rules not enforced
Warning from /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 (/etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 line 80): profile HANDLING_UNTRUSTED_INPUT network rules not enforced
Warning from /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 (/etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 line 80): profile phpsysinfo network rules not enforced
Warning from /etc/apparmor.d/usr.lib.dovecot.deliver (/etc/apparmor.d/usr.lib.dovecot.deliver line 29): profile /usr/lib/dovecot/deliver network rules not enforced
Warning from /etc/apparmor.d/usr.lib.dovecot.dovecot-auth (/etc/apparmor.d/usr.lib.dovecot.dovecot-auth line 23): profile /usr/lib/dovecot/dovecot-auth network rules not enforced
Warning from /etc/apparmor.d/usr.lib.dovecot.imap (/etc/apparmor.d/usr.lib.dovecot.imap line 27): profile /usr/lib/dovecot/imap network rules not enforced
Warning from /etc/apparmor.d/usr.lib.dovecot.imap-login (/etc/apparmor.d/usr.lib.dovecot.imap-login line 23): profile /usr/lib/dovecot/imap-login network rules not enforced
Warning from /etc/apparmor.d/usr.lib.dovecot.managesieve-login (/etc/apparmor.d/usr.lib.dovecot.managesieve-login line 22): profile /usr/lib/dovecot/managesieve-login network rules not enforced
Warning from /etc/apparmor.d/usr.lib.dovecot.pop3 (/etc/apparmor.d/usr.lib.dovecot.pop3 line 23): profile /usr/lib/dovecot/pop3 network rules not enforced
Warning from /etc/apparmor.d/usr.lib.dovecot.pop3-login (/etc/apparmor.d/usr.lib.dovecot.pop3-login line 21): profile /usr/lib/dovecot/pop3-login network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.avahi-daemon (/etc/apparmor.d/usr.sbin.avahi-daemon line 31): profile /usr/sbin/avahi-daemon network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.dnsmasq (/etc/apparmor.d/usr.sbin.dnsmasq line 61): profile /usr/sbin/dnsmasq network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.dovecot (/etc/apparmor.d/usr.sbin.dovecot line 42): profile /usr/sbin/dovecot network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.identd (/etc/apparmor.d/usr.sbin.identd line 31): profile /usr/sbin/identd network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.mdnsd (/etc/apparmor.d/usr.sbin.mdnsd line 35): profile /usr/sbin/mdnsd network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.nmbd (/etc/apparmor.d/usr.sbin.nmbd line 27): profile /usr/sbin/nmbd network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.nscd (/etc/apparmor.d/usr.sbin.nscd line 50): profile /usr/sbin/nscd network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.ntpd (/etc/apparmor.d/usr.sbin.ntpd line 73): profile /usr/sbin/ntpd network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.smbd (/etc/apparmor.d/usr.sbin.smbd line 52): profile /usr/sbin/smbd network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.smbldap-useradd (/etc/apparmor.d/usr.sbin.smbldap-useradd line 38): profile /usr/sbin/smbldap-useradd network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.smbldap-useradd (/etc/apparmor.d/usr.sbin.smbldap-useradd line 38): profile /etc/init.d/nscd network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.traceroute (/etc/apparmor.d/usr.sbin.traceroute line 30): profile /usr/{sbin/traceroute,bin/traceroute.db} network rules not enforced



All those error lines are the next line after the end of the profile file.

Any help will be welcome!
Thanks!

EDIT: sys-kernel/gentoo-sources-3.12.6
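The warning lines quoted in the first post, parsed and grouped per profile file to list which loaded profiles have no network mediation (an added example, not part of the original thread; the function names and the sample text are constructed for illustration):

```python
import re
from collections import defaultdict

# Constructed sample: four warning lines copied from the post above, plus one
# made-up unrelated line to show that non-matching output is skipped.
SAMPLE = """\
Loading AppArmor profiles (constructed non-warning line)
Warning from /etc/apparmor.d/bin.ping (/etc/apparmor.d/bin.ping line 28): profile /{usr/,}bin/ping network rules not enforced
Warning from /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 (/etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 line 80): profile /usr/lib/apache2/mpm-prefork/apache2 network rules not enforced
Warning from /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 (/etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 line 80): profile DEFAULT_URI network rules not enforced
Warning from /etc/apparmor.d/usr.sbin.ntpd (/etc/apparmor.d/usr.sbin.ntpd line 73): profile /usr/sbin/ntpd network rules not enforced
"""

# "kind" is whatever word precedes "rules not enforced" ("network" in this thread).
WARNING = re.compile(
    r"^Warning from (?P<file>\S+) \((?P<src>\S+) line (?P<line>\d+)\): "
    r"profile (?P<profile>.+?) (?P<kind>\S+) rules not enforced$"
)

def parse_warnings(text):
    """Return one dict per 'rules not enforced' warning found in text."""
    found = []
    for raw in text.splitlines():
        m = WARNING.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["line"] = int(rec["line"])
            found.append(rec)
    return found

def unenforced_by_file(text, kind="network"):
    """Map each profile file to the profiles whose <kind> rules are not enforced."""
    grouped = defaultdict(list)
    for rec in parse_warnings(text):
        # One file can define several profiles (the apache2 file does).
        if rec["kind"] == kind and rec["profile"] not in grouped[rec["file"]]:
            grouped[rec["file"]].append(rec["profile"])
    return dict(grouped)

if __name__ == "__main__":
    for path, profiles in sorted(unenforced_by_file(SAMPLE).items()):
        print(f"{path}: {len(profiles)} profile(s) without network mediation")
        for name in profiles:
            print(f"  {name}")
```
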
PaulBredbury
Posted: Sun Jan 05, 2014 10:14 am

You probably need opensuse's kernel patches for apparmor.
alexcortes
Posted: Sun Jan 05, 2014 5:07 pm

@PaulBredbury

Thank you! I'll try it later.

Should I report that as a bug?
artem.sidorenko
Posted: Tue Feb 25, 2014 9:16 pm

I added the patches which cover this issue to this bug: https://bugs.gentoo.org/show_bug.cgi?id=496040

You can also find the patches in my overlay: https://github.com/artem-sidorenko/portage-2realities/tree/master/sys-kernel/hardened-sources
int2str
Posted: Mon Feb 02, 2015 7:04 am

Just a "thanks" to point out your patch[es] work for me, even on a newer [-ck] kernel.
Got AppArmor chugging along nicely. Thanks!
_________________
Adopt an unanswered post today!
All times are GMT