Hi,
I tried setting up apparmor in the debian minimal template and selinux in the fedora minimal template.
With apparmor, I have the issue that aa-status returns that “apparmor filesystem is not loaded”. I tried installing various packages, but this message didn’t change. I tried to set these prefs:
qvm-prefs debian-12-minimal kernelopts "apparmor=1 security=apparmor"
qvm-feature debian-12-minimal apparmor 1
qvm-feature debian-12-minimal supported-service.apparmor 1
as recommended here. I installed apparmor, apparmor-utils.
With selinux, I have the issue that sestatus always returns disabled, even though i enabled it in /etc/selinux/config. I installed selinux-policy-targeted
, but this also didn’t change anything.
Does anybody have a working example or some personal guide & is willing to share it for selinux or apparmor?
It works for me.
I’ve installed the apparmor and apparmor-utils packages in debian-12-minimal template and enabled the apparmor
feature for the template:
qvm-feature debian-12-minimal apparmor 1
And it worked fore me:
# aa-status
apparmor module is loaded.
8 profiles are loaded.
8 profiles are in enforce mode.
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/haveged
/{,usr/}sbin/dhclient
lsb_release
nvidia_modprobe
nvidia_modprobe//kmod
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
1 processes have profiles defined.
1 processes are in enforce mode.
/usr/sbin/haveged (433)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.
Do you have Qubes OS 4.2 with latest updates?
Hi,
thanks for your answer. It works for me now, i don’t know what my mistake was.
The only thing that still not works with apparmor is aa-genprof.