linux – AppArmor – root:“你没有足够的权限来阅读配置文件集.”

前端之家收集整理的这篇文章主要介绍了linux – AppArmor – root:“你没有足够的权限来阅读配置文件集.”前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在尝试在具有自定义内核的远程托管Xen服务器上使用AppArmor.

AppArmor似乎正在运行,但不正确.例如,如果我以root身份运行以下命令:

# aa-status
apparmor module is loaded.
You do not have enough privilege to read the profile set.

任何想法发生的事情都会有所帮助.谢谢!

这是我的内核选项:

# grep -i APPARMOR /boot/config-3.6.11-xen 
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY="apparmor"

显示AppArmor的dmesg已启动:

# dmesg | grep AppArmor
AppArmor: AppArmor initialized
AppArmor: AppArmor Filesystem Enabled

AppArmor挂钩/ sys及其对应的值:

(注意:没有/ sys / kernel / security / apparmor / profiles)

# for x in $(find /sys -type f | grep apparmor) ; do echo -n "$x - "; cat $x ; done
/sys/kernel/security/apparmor/features/rlimit/mask - cpu fsize data stack core RSS nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
/sys/kernel/security/apparmor/features/capability - 0xffffff
/sys/kernel/security/apparmor/features/file/mask - create read write exec append mmap_exec link lock
/sys/kernel/security/apparmor/features/domain/change_profile - yes
/sys/kernel/security/apparmor/features/domain/change_onexec - yes
/sys/kernel/security/apparmor/features/domain/change_hatv - yes
/sys/kernel/security/apparmor/features/domain/change_hat - yes
/sys/kernel/security/apparmor/.remove - cat: /sys/kernel/security/apparmor/.remove: Invalid argument
/sys/kernel/security/apparmor/.replace - cat: /sys/kernel/security/apparmor/.replace: Invalid argument
/sys/kernel/security/apparmor/.load - cat: /sys/kernel/security/apparmor/.load: Invalid argument
/sys/module/apparmor/parameters/mode - enforce
/sys/module/apparmor/parameters/audit - normal
/sys/module/apparmor/parameters/debug - N
/sys/module/apparmor/parameters/paranoid_load - Y
/sys/module/apparmor/parameters/enabled - Y
/sys/module/apparmor/parameters/path_max - 8192
/sys/module/apparmor/parameters/logsyscall - N
/sys/module/apparmor/parameters/lock_policy - N
/sys/module/apparmor/parameters/audit_header - Y

我安装的用户登陆包:

# dpkg -l apparmor*
Version                                         Description
+++-===============================================-===============================================-==============================================================================================================
ii  apparmor                                        2.7.102-0ubuntu3.7                              User-space parser utility for AppArmor
ii  apparmor-notify                                 2.7.102-0ubuntu3.7                              AppArmor notification system
ii  apparmor-profiles                               2.7.102-0ubuntu3.7                              Profiles for AppArmor Security policies
ii  apparmor-utils                                  2.7.102-0ubuntu3.7                              Utilities for controlling AppArmor

再说一遍,如果有人知道它为什么运行不正常,包括用户错误,请告诉我.据我所知,它看起来应该有效.

再次感谢任何指导.

解决方法

我有同样的问题

猜你在找的Linux相关文章