Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Solved: apparmor put back in

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
paxmark1
Posts: 54
Joined: 2008-10-23 05:19
Has thanked: 1 time

Solved: apparmor put back in

#1 Post by paxmark1 »

I have a fairly plain system, new install of Buster via non-free iso late May to June - jigdo to update it 3 times for dry runs. KDE Dull repos

Code: Select all

inxi -r
Repos:     Active apt repos in: /etc/apt/sources.list 
           1: deb http://debian.mirror.rafal.ca/debian/ buster main non-free contrib
           2: deb-src http://debian.mirror.rafal.ca/debian/ buster main non-free contrib
           3: deb http://security.debian.org/debian-security buster/updates main contrib non-free
           4: deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
           5: deb http://download.virtualbox.org/virtualbox/debian bionic contrib
           Active apt repos in: /etc/apt/sources.list.d/spideroakone.list 
           1: deb https://apt.spideroak.com/ubuntu/ release restricted
paxmark@dbnbuster:/$ ^C
standard kernel

Code: Select all

 inxi
CPU: Dual Core Intel Core i3-4170 (-MT MCP-) speed/min/max: 880/800/3700 MHz Kernel: 4.19.0-5-amd64 x86_64 Up: 1h 23m 
Mem: 2283.3/11469.6 MiB (19.9%) Storage: 2.27 TiB (20.4% used) Procs: 204 Shell: bash 5.0.3 inxi: 3.0.32 
I was having some wierd hiccups, lets wait and see, except for the s l o w startup of printing on HP laser cups. Various places (including Siduction) mentioned apparmor and problems.

apt remove apparmor and my printng was back to normal and a faster response in some things

apparmor just re-appeared in the update

Code: Select all

 aptitude why apparmor
i   linux-image-amd64          Depends    linux-image-4.19.0-5-amd64
i A linux-image-4.19.0-5-amd64 Recommends apparmor   
I just let it by, will check printing later. But I would be appreciative of good info on pros and cons or apparmor.

EDIT Later: I marked as as solved.
Last edited by paxmark1 on 2019-09-12 05:35, edited 2 times in total.

milomak
Posts: 2158
Joined: 2009-06-09 22:20
Been thanked: 1 time

Re: apparmor put back in

#2 Post by milomak »

do you have the setting to install recommend apps on?

because as you can see
linux-image-4.19.0-5-amd64 Recommends apparmor

and recommended apps are not installed by default
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid

paxmark1
Posts: 54
Joined: 2008-10-23 05:19
Has thanked: 1 time

Re: apparmor put back in

#3 Post by paxmark1 »

Been at work.

I am not sure
do you have the setting to install recommend apps on?
tree of /etc/apt

Code: Select all

├── apt.conf.d
│   ├── 00CDMountPoint
│   ├── 00trustcdrom
│   ├── 01autoremove
│   ├── 01autoremove-kernels
│   ├── 20listchanges
│   ├── 20packagekit
│   ├── 50appstream
│   ├── 50unattended-upgrades
│   ├── 60icons
│   ├── 60icons-large
│   └── 70debconf
├── auth.conf.d
├── listchanges.conf
├── preferences.d
├── sources.list
├── sources.list~
├── sources.list.d
│   └── spideroakone.list
├── sources.list.save
├── trusted.gpg
├── trusted.gpg~
└── trusted.gpg.d
    ├── debian-archive-buster-automatic.gpg
    ├── debian-archive-buster-security-automatic.gpg
    ├── debian-archive-buster-stable.gpg
    ├── debian-archive-jessie-automatic.gpg
    ├── debian-archive-jessie-security-automatic.gpg
    ├── debian-archive-jessie-stable.gpg
    ├── debian-archive-stretch-automatic.gpg
    ├── debian-archive-stretch-security-automatic.gpg
    └── debian-archive-stretch-stable.gpg
I saw a few of old SuperUser and StackExchange about apt.conf and how to add a line to block installation of recommends, but the Debian wiki is up to date for AptConf has that now all things go into /etc/apt/apt.conf.d So I am guessing that a new file with
"apt::install-recommends "false"; in it would stop recommends. Not sure I want to go the route of not getting recommends. I'm not running Sid on this machine.

I might just play whack-a mole everytime it gets re-installed after reading journalctl and analyze blame over what apparmor is doing.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: apparmor put back in

#4 Post by Head_on_a_Stick »

paxmark1 wrote:pros and cons or apparmor
The Debian developers have enabled it by default so it must be good :)

It stops subverted programs executing code they shouldn't, the Debian wiki has some good information about it. See the bottom of the HowToUse page for a method to disable apparmor completely without having to uninstall it.

But I think you should use the systemd journal to investigate the delay rather than block apparmor.
deadbang

CwF
Global Moderator
Global Moderator
Posts: 2636
Joined: 2018-06-20 15:16
Location: Colorado
Has thanked: 41 times
Been thanked: 192 times

Re: apparmor put back in

#5 Post by CwF »

In a totally unrelated exercise I had virt-manager fail to connect to the default URI, and it blamed apparmor. Long story, but I could cli my way into a working vm. In a quick review I saw libvirt-daemon-system was somehow orphaned and removed during a partial upgrade. Put that back in and the apparmor error went away. Point is, apparmor errors may not be apparmors' fault.

paxmark1
Posts: 54
Joined: 2008-10-23 05:19
Has thanked: 1 time

Re: apparmor put back in

#6 Post by paxmark1 »

I appreciate the input. Next time around I will give apparmor more love and look at error messages, ... But I need to sell my parents house and then theres work and a caring for parents. I removed (but did not purge) prior to this posting of sway in sid, lxqt in testing (both on an atom) and my stable box. I am sure apparmor will arrive again in sid and I will look at journalctl etc. better.

Post Reply