Re: AppArmor not available in kernel for Marvell Kirkwood
On Sat, May 28, 2016 at 9:31 PM, Aitor Fraile Azcue
<aitorfraile@mykolab.com> wrote:
> Hello,
>
> I have installed Debian 8.4 "Jessie" in a QNAP TS-221 and I want to
> enable AppArmor MAC framework. It is assumed that AppArmor is available
> out of the box in Debian 8.4 version[1] but in the latest kernel for
> Marvell linux-image-3.16.0-4-kirkwood (version 3.16.7-ckt25-2)
> is not available[2]:
>
> $ grep -i apparmor /boot/config-3.16.0-4-kirkwood
> # CONFIG_SECURITY_APPARMOR is not set
>
> I could recompile the kernel, but I would like to know if there is any
> reason that is not available AppArmor in the Kirkwood kernel (or perhaps
> it's a bug).
>
> Thanks (and sorry for my bad English).
I guess it's because of kernel size, described in:
https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/config/armel/defines
====
## Maximum kernel size for supported devices (64 bytes is the u-boot header)
# SheevaPlug: 4194304 - 64 = 4194240
# QNAP TS-119/TS-219: 2097152 - 64 = 2097088
# D-Link DNS-323: 1572864 - 8 - 64 = 1572792 (too small, no longer supported)
# HP Media Vault mv2120: 2097152 - 8 - 64 = 2097080
# QNAP TS-109/TS-209 & TS-409: 2097152 - 8 - 64 = 2097080
check-size: 2097080
====
The marvell kernel need to be less than 2097080 to fit u-boot
limitation of QNAP TS-109/TS-209 & TS-409.
So it's by spec, not a bug.
Cheers,
--
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 17B3ACB1
Reply to: