[pkg-apparmor] Bug#1054123: apparmor breaks nfs root
Anton Ivanov
anton.ivanov at kot-begemot.co.uk
Tue Oct 17 13:18:43 BST 2023
Package: apparmor
Version: 3.0.8-3
Severity: important
Dear Maintainer,
The default profile denies network functionality and it breaks
man and other software which has an apparmor profile. They stop
working on NFS.
For an example see Debian bug 1054115
While it is possible to solve it on a case by case basis, the
right bugfix is to check if root and/or /usr are on NFS and
load an extra profile to allow network access.
Alternatively, the kernel should stop treating network filesystem
access as network access for apparmor purposes. That, however,
is likely to a be a bit difficult.
-- System Information:
Debian Release: 12.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-22-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.82
ii libc6 2.36-9+deb12u2
apparmor recommends no packages.
Versions of packages apparmor suggests:
pn apparmor-profiles-extra <none>
pn apparmor-utils <none>
-- debconf information excluded
More information about the pkg-apparmor-team
mailing list