Solved: apparmor put back in

Kernels & Hardware, configuring network, installing services

Solved: apparmor put back in

Postby paxmark1 » 2019-09-07 18:53

I have a fairly plain system, new install of Buster via non-free iso late May to June - jigdo to update it 3 times for dry runs. KDE Dull repos

Code: Select all
inxi -r
Repos:     Active apt repos in: /etc/apt/sources.list
           1: deb http://debian.mirror.rafal.ca/debian/ buster main non-free contrib
           2: deb-src http://debian.mirror.rafal.ca/debian/ buster main non-free contrib
           3: deb http://security.debian.org/debian-security buster/updates main contrib non-free
           4: deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
           5: deb http://download.virtualbox.org/virtualbox/debian bionic contrib
           Active apt repos in: /etc/apt/sources.list.d/spideroakone.list
           1: deb https://apt.spideroak.com/ubuntu/ release restricted
paxmark@dbnbuster:/$ ^C


standard kernel
Code: Select all
 inxi
CPU: Dual Core Intel Core i3-4170 (-MT MCP-) speed/min/max: 880/800/3700 MHz Kernel: 4.19.0-5-amd64 x86_64 Up: 1h 23m
Mem: 2283.3/11469.6 MiB (19.9%) Storage: 2.27 TiB (20.4% used) Procs: 204 Shell: bash 5.0.3 inxi: 3.0.32


I was having some wierd hiccups, lets wait and see, except for the s l o w startup of printing on HP laser cups. Various places (including Siduction) mentioned apparmor and problems.

apt remove apparmor and my printng was back to normal and a faster response in some things

apparmor just re-appeared in the update

Code: Select all
 aptitude why apparmor
i   linux-image-amd64          Depends    linux-image-4.19.0-5-amd64
i A linux-image-4.19.0-5-amd64 Recommends apparmor   


I just let it by, will check printing later. But I would be appreciative of good info on pros and cons or apparmor.

EDIT Later: I marked as as solved.
Last edited by paxmark1 on 2019-09-12 05:35, edited 2 times in total.
paxmark1
 
Posts: 35
Joined: 2008-10-23 05:19

Re: apparmor put back in

Postby milomak » 2019-09-07 20:53

do you have the setting to install recommend apps on?

because as you can see
linux-image-4.19.0-5-amd64 Recommends apparmor

and recommended apps are not installed by default
Desktop: iMac Late-2015 27" 5K Retina (17,1 - 3.3GHz) - MacOS and Windows 10 (Bootcamp)/ Debian Sid (External SSD)
Laptop: Lenovo ideapad Y700 [nVidia Optimus] (64-bit) - Debian Sid, Win10,
Kodi Box: AMD Athlon 5150 APU w/Radeon HD 8400 - Debian Sid
milomak
 
Posts: 1981
Joined: 2009-06-09 22:20

Re: apparmor put back in

Postby paxmark1 » 2019-09-08 17:17

Been at work.

I am not sure
do you have the setting to install recommend apps on?

tree of /etc/apt
Code: Select all
├── apt.conf.d
│   ├── 00CDMountPoint
│   ├── 00trustcdrom
│   ├── 01autoremove
│   ├── 01autoremove-kernels
│   ├── 20listchanges
│   ├── 20packagekit
│   ├── 50appstream
│   ├── 50unattended-upgrades
│   ├── 60icons
│   ├── 60icons-large
│   └── 70debconf
├── auth.conf.d
├── listchanges.conf
├── preferences.d
├── sources.list
├── sources.list~
├── sources.list.d
│   └── spideroakone.list
├── sources.list.save
├── trusted.gpg
├── trusted.gpg~
└── trusted.gpg.d
    ├── debian-archive-buster-automatic.gpg
    ├── debian-archive-buster-security-automatic.gpg
    ├── debian-archive-buster-stable.gpg
    ├── debian-archive-jessie-automatic.gpg
    ├── debian-archive-jessie-security-automatic.gpg
    ├── debian-archive-jessie-stable.gpg
    ├── debian-archive-stretch-automatic.gpg
    ├── debian-archive-stretch-security-automatic.gpg
    └── debian-archive-stretch-stable.gpg


I saw a few of old SuperUser and StackExchange about apt.conf and how to add a line to block installation of recommends, but the Debian wiki is up to date for AptConf has that now all things go into /etc/apt/apt.conf.d So I am guessing that a new file with
"apt::install-recommends "false"; in it would stop recommends. Not sure I want to go the route of not getting recommends. I'm not running Sid on this machine.

I might just play whack-a mole everytime it gets re-installed after reading journalctl and analyze blame over what apparmor is doing.
paxmark1
 
Posts: 35
Joined: 2008-10-23 05:19

Re: apparmor put back in

Postby Head_on_a_Stick » 2019-09-09 15:00

paxmark1 wrote:pros and cons or apparmor

The Debian developers have enabled it by default so it must be good :)

It stops subverted programs executing code they shouldn't, the Debian wiki has some good information about it. See the bottom of the HowToUse page for a method to disable apparmor completely without having to uninstall it.

But I think you should use the systemd journal to investigate the delay rather than block apparmor.
User avatar
Head_on_a_Stick
 
Posts: 10377
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: apparmor put back in

Postby CwF » 2019-09-09 15:33

In a totally unrelated exercise I had virt-manager fail to connect to the default URI, and it blamed apparmor. Long story, but I could cli my way into a working vm. In a quick review I saw libvirt-daemon-system was somehow orphaned and removed during a partial upgrade. Put that back in and the apparmor error went away. Point is, apparmor errors may not be apparmors' fault.
CwF
 
Posts: 443
Joined: 2018-06-20 15:16

Re: apparmor put back in

Postby paxmark1 » 2019-09-12 05:33

I appreciate the input. Next time around I will give apparmor more love and look at error messages, ... But I need to sell my parents house and then theres work and a caring for parents. I removed (but did not purge) prior to this posting of sway in sid, lxqt in testing (both on an atom) and my stable box. I am sure apparmor will arrive again in sid and I will look at journalctl etc. better.
paxmark1
 
Posts: 35
Joined: 2008-10-23 05:19


Return to System configuration

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable