Re: Stretch => Buster: AppArmor

To: debian-user@lists.debian.org
Subject: Re: Stretch => Buster: AppArmor
From: Reco <recoverym4n@enotuniq.net>
Date: Fri, 16 Oct 2020 13:30:54 +0300
Message-id: <[🔎] E1kTN0h-00071F-6e@enotuniq.net>
In-reply-to: <[🔎] 0ed35a3e-e2bb-294f-92a7-a50e7fde1c48@dybdal.dk>
References: <[🔎] 0ed35a3e-e2bb-294f-92a7-a50e7fde1c48@dybdal.dk>

	Hi.

On Fri, Oct 16, 2020 at 12:23:30PM +0200, Jesper Dybdal wrote:
> Buster enables AppArmor by default.  I know just about nothing at all
> about AppArmor.  Does it constitute a risk that some of my existing
> programs will not work?

Depends. AppArmor is applied per-binary. If you're using something that
ships an AppArmor policy - it will be enabled.


> For instance, my postfix installation (which is by far the most
> important application I run) uses a few non-standard tcp ports to
> comunicate with helper services and to receive mail submissions - is
> there a risk that AppArmor will block that?

No, because there's no shipped AppArmor policy for postfix in buster.


> Is there a simple way to disable AppArmor completely until I've had
> time to figure out what to do with it long-term?

Adding "apparmor=0" to your kernel cmdline should do the trick.

Reco

Reply to:

Follow-Ups:
- Re: Stretch => Buster: AppArmor
  - From: Tixy <tixy@yxit.co.uk>

References:
- Stretch => Buster: AppArmor
  - From: Jesper Dybdal <jd-debian-user@dybdal.dk>

Prev by Date: Stretch => Buster: Entropy during boot
Next by Date: Re: Stretch => Buster: iptables
Previous by thread: Stretch => Buster: AppArmor
Next by thread: Re: Stretch => Buster: AppArmor
Index(es):
- Date
- Thread