Hi Team, It would be really helpful if you can look at the following email and guide me what I am missing?
I am trying to enable the apparmor in the following linux, https://github.com/openbmc/linux <https://github.com/openbmc/openbmc/tree/master/meta-ibm/recipes-kernel/linux> I pulled the http://git.yoctoproject.org/cgit/cgit.cgi/meta-security layer and pulled the apparmor from the meta-security. My kernel is built with the following option flags to enable the apparmor(Highlighted in *BOLD*) CONFIG_PCI=y CONFIG_PCIEPORTBUS=y CONFIG_PCI_DEBUG=y CONFIG_PCI_STUB=y CONFIG_PCI_IOV=y CONFIG_PCI_PRI=y CONFIG_PCIE_ASPEED=y CONFIG_SCSI=y CONFIG_BLK_DEV_SD=y CONFIG_CHR_DEV_SG=y CONFIG_USB_NET_DRIVERS=y CONFIG_SENSORS_ADT7475=y CONFIG_USB_UHCI_HCD=y CONFIG_USB_STORAGE=y CONFIG_USB_ETH=y CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y CONFIG_FAT_DEFAULT_UTF8=y CONFIG_SENSORS_ADT7475=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_PATH=y *CONFIG_SECURITY_APPARMOR=y* *CONFIG_SECURITY_APPARMOR_HASH=yCONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y* *CONFIG_DEFAULT_SECURITY="apparmor"CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1* CONFIG_AUDIT=y define KFEATURE_COMPATIBILITY all root@abc:~# aa-status apparmor not present. root@abc:~# root@abc:~# apparmor_status apparmor not present. root@abc:~# root@abc:~# systemctl status aaparmor Unit aaparmor.service could not be found. root@abc:~# systemctl status apparmor * apparmor.service - AppArmor initialization Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled) Active: inactive (dead) *Condition: start condition failed at Thu 1970-01-01 00:00:14 UTC; 51 years 5 months ago `- ConditionSecurity=apparmor was not met* Docs: man:apparmor(7) http://wiki.apparmor.net/ Jan 01 00:00:14 abc systemd[1]: Condition check resulted in AppArmor initialization being skipped. Regards Ratan Gupta
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
