Selinux/apparmor

Hi all
back on Garuda ! 5.11.1-127-tkg-bmq
I don't know how to install/enable selinux!
Arch site is not useful to me...
Firewalld active but se still missing !
& i have issues with mullvad...(other topic !)
If one of u has a clue to my first trouble (selinux)
i'd be very grateful.
Best
Fred

I don't want to accuse any forum user here of not being able to do it better than the arch-wiki but you don't give a link nor say what you don't understand.
In
https://wiki.archlinux.org/index.php/SELinux
it is described.

Sorry, we cannot and do not want to spoon feed Garuda Linux users.

8 Likes

On that subject, it is a commercial product and has it's own help section. Try there first, please.

4 Likes

Bonjour SGS, i did my best but its a faillure !
I followed the Arch-wiki but i had to abort !
Seems to me that an equivallent to Selinux is
already running but cant find what...
I'll give it another try & i'll be more specific
F.

Many thanks @Stroke_Finger , just discoverd that there was a client
for Arch users & i'm afraid their "help" will be of no help to me !
They react very fast but answers are for fc33 or Buster...
"They" have no ideas about installing their own client on a sid
I know it is commercial. I can do without.

1 Like

Welcome and remember:

A non-free program is a yoke, an instrument of unjust power. (R. Stallman)

2 Likes

Yes, I've found that commercial support of Linux(es) leaves much to be desired. It may technically work, but you have to be your own technical support, because their tech support is virtually non-existent.
Actually, I could say the same of most doctors these days, if you don't know what's wrong, no point in going to the doctor. In some cases you have provide solutions too, the doctor just writes the prescription. Wow, things have changed.

2 Likes

Exactly - their first duty is 'profit for the shareholders' and users experience/enjoyment are way down the list, along with will it work with x or y os/distro?

@dbarron & @Stroke_Finger ...
I personaly prefer to avoid meds as far as i can, so in the present World i do what i can
to stay safe ! and,alas, vpn might be a way & tech-support, i guess they do what they can
so many distros
Cheers
F.

Apart from this being commercial software, I can confirm it works fine on Garuda without the need to change anything.
Apparmor is easily installed & enabled if you follow the Arch article closely (source: tried it). Firejail can also easily be added on top.

2 Likes

Ok, thanks..Apparmor then, BUT i'll have a close look at the whys
of selinux difficulties :roll_eyes: --> I want to know where i mess !
(Of course the Arch-wiki is not to blame !!! I am my worth enemy)
Best
F.

And Apparmor says:

$: aa-enabled
Maybe - policy interface not available.

Ahahahah
F.

Did you set kernel parameters correctly as instructions say?

1 Like

https://man.archlinux.org/listing/apparmor
Thanks, yes, i didnt set anything...yet
Kernel is no joke, i'll try to be cautious for i don't want
to re-install, reset, re-tune again & again
And Mull... does the job at last, my keys weren't fresh enough !
Its a big step for me, and this time i will follow instructions

Wait a sec, I think tkg has no apparmor compiled in if thats the kernel you are using right now, I however know Xanmod & regular Arch kernels do.

Or try linux-hardened.

Bonsoir, so i just added few things in grub and:
~]# aa-status
apparmor module is loaded.
[[email protected] ~]# aa-enabled
Yes
Kernel is as Mother Mary...untouched...
I not looking for too much trouble & i'm not the head of some state or ceo @W$
I'll keep it simple, not paranoïd !
Thanks @tbg , i think i went thru Red-Core-Linux some time ago
Hardening, no problemo, i'll find a way as long as there is not to much headache !
"Module" may be loaded but its empty ! But i'll go on & next will be Monsieur Kernel.
Best & many thanks for help
I'm afraid its not finished yet
F.

1 Like

Good morning ! Now i have:
dmesg | grep -i apparmor
[ 0.000000] Command line: BOOT_IMAGE=/@/boot/vmlinuz-linux-tkg-bmq root=UUI
D=5dee200a-af7e-4b96-926d-a1c77ff90793 rw [email protected] /usr/bin/grub-pro
be apparmor=1 security=apparmor quiet splash rd.udev.log_priority=3 vt.global_
cursor_default=0 systemd.unified_cgroup_hierarchy=1 loglevel=3
[ 0.041262] Kernel command line: intel_pstate=passive BOOT_IMAGE=/@/boot/vm
linuz-linux-tkg-bmq root=UUID=5dee200a-af7e-4b96-926d-a1c77ff90793 rw rootflag
[email protected] /usr/bin/grub-probe apparmor=1 security=apparmor quiet splash rd.ud
ev.log_priority=3 vt.global_cursor_default=0 systemd.unified_cgroup_hierarchy=
1 loglevel=3
[ 0.112368] AppArmor: AppArmor initialized
[ 3.309426] AppArmor: AppArmor Filesystem Enabled
[ 4.205315] AppArmor: AppArmor sha1 policy hashing enabled
[ 6.631014] systemd[1]: systemd 247.3-1-arch running in system mode. (+PAM
+AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +
GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 d
efault-hierarchy=hybrid)
So this means I need to recompile the current kernel as previously said ?
If so, is there a reason why they aren't integrated into the repository kernel?
Best
F.

Hi, i switched to LTS kernel so i see if there is a diff.
After updating !
pacman -Syu
core,extra, community, multilib, chaotic-aur ...
Updated
F.

5.11.1-127-tkg-bmq
Thanks all for your usefull/handy help.
I found -at last- the very usefull tools !
I'm no plain noob to linux, no IT neither
I just keep on learning!
Thanks again
Fred

1 Like