:: Re: [DNG] [OT] Restricting user cap…
Top Pagina
Delete this message
Reply to this message
Auteur: Alessandro Selli
Datum:  
Aan: dng
Onderwerp: Re: [DNG] [OT] Restricting user capabilities after ssh login
On 10/10/18 at 22:33, Alessandro Selli wroe:
> Il 10/10/18 18:51, Lars Noodén ha scritto:
>> On 10/10/18 7:30 PM, Alessandro Selli wrote:
>>>   Works for me:
>> ...> [root@wrkstn02 ~]# lsb_release -d ; uname -r
>>> Description:    Devuan GNU/Linux 2.0 (ascii)
>>> 4.18.0-0.bpo.1-amd64
>> Hmmm. I'm using just the stock kernel. Maybe that is the difference:
>>
>> $ lsb_release -d; uname -r
>> Description:    Devuan GNU/Linux 2.0 (ascii)
>> 4.9.0-8-amd64

>
>   Could be.  Mine in from the backports.  But I also use custom kernels,
> and my own 4.9.131 kernel works, too.



  Well no, I remembered wrong, my 4.9.* custom kernels cannot start
Apparmor, they fail with the same error as the stock 4.9 kernel.


>   I should install the
> linux-image-4.9.0-8-amd64 package and try that to make sure. I might do
> that, but now now.



  I did the test. this is what happens:


[alessandro@wksrn05 ~]$ /etc/init.d/apparmor status
[info] AppArmor not available as kernel LSM..
 failed!
[alessandro@wksrn05 ~]$ lsb_release -d ; uname -r
Description:    Devuan GNU/Linux 2.0 (ascii)
4.9.0-8-amd64
[alessandro@wksrn05 ~]$


  i take it LSM is the Linux Security Model kernel config option,
CONFIG_SECURITY.  This makes the error message strange, as the option is
set in the distribution's config file:


[alessandro@wksrn05 ~]$ grep -E 'CONFIG_SECURITY(|_APPARMOR)='
/boot/config-4.9.0-8-amd64
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
[alessandro@wksrn05 ~]$

  The error message "AppArmor not available as kernel LSM" shows up also
as root, so it's not a permission issue.

  This must mean current version of AppArmor is not compatible with 4.9
kernels, and that you have to install the backports one in order to have
AppArmor support on Devuan Ascii.


Alessandro


--
Alessandro Selli <alessandroselli@???>
VOIP SIP: dhatarattha@???
Chiave firma e cifratura PGP/GPG signing and encoding key:
BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE