On 11/03/2015 05:18 PM, Jae Suk Park wrote: > Thanks for replying :) > > Regarding No2 issue(Python Module apparmor.tools Error), I guess README file > in Apparmor source packages needs amendments. > I followed these procedure but resulted in "ImportError: No module named > apparmor.tools > > libapparmor: > $ cd ./libraries/libapparmor > $ sh ./autogen.sh > $ sh ./configure --prefix=/usr --with-perl > $ make > $ make install > > Utilities: > $ cd utils > $ make > $ make install > which version of apparmor? The more recent versions specify $ cd ./libraries/libapparmor $ sh ./autogen.sh $ sh ./configure --prefix=/usr --with-perl --with-python # see below $ make $ make check $ make install
and mention --with-ruby if you desire that as well > ubuntu 14.04]$ sudo aa-complain > Traceback (most recent call last): > File "/usr/sbin/aa-complain", line 17, in <module> > import apparmor.tools > ImportError: No module named apparmor.tools > > I tried 2ways to install apparmor (apt-get case and 'make install' case) > For apt-get case, I found apparmor-python related .deb packages in > /var/cache/apt/archives > and found python modules are installed in > /usr/lib/python3/dist-packages/apparmor/tools.py > > apparmor-profiles_2.8.95~2430-ubuntu5.3_all.deb > apparmor-utils_2.8.95~2430-0ubuntu5.1_i386.deb > python3-apparmor_2.8.95~2430-0ubuntu5.1_i386.deb > python3-libapparmor_2.8.95~2430-0ubuntu5.1_i386.deb > > $ dpkg --contents python3-apparmor_2.8.95~2430-0ubuntu5.1_i386.deb > ./usr/lib/python3/dist-packages/ > ./usr/lib/python3/dist-packages/apparmor/logparser.py > > $ dpkg --contents python3-libapparmor_2.8.95~2430-0ubuntu5.1_i386.deb > ./usr/lib/python3/dist-packages/LibAppArmor-2.8.95.egg-info > ./usr/lib/python3/dist-packages/LibAppArmor/ > > > > For 'make install' case, /usr/lib/python2.7/site-packages/apparmor/tools.py > This seems to be cause of "Import Error: No module named apparmor.tools" > When I copied it manually to > /usr/lib/python2.7/dist-packages/apparmor/tools.py, it worked ok > Apparmor/utils/python-tools-setup.py imports distutils.command.install.py > <http://distutils.command.install.py> and it copies to relevant paths. > So README file in apparmor source packages needs newer version. > > > 2015-11-02 22:58 GMT+09:00 John Johansen <[email protected] > <mailto:[email protected]>>: > > On 10/31/2015 12:52 AM, Jae Suk Park wrote: > > are there any guide regarding 'Apparmor porting to embeded linux' like > yocto project? > > > > I tried these procedures but seems to be plenty of things remained. > > > > 1. install apparmor with apt-get in ubuntu. > > > > 2. install apparmor from source code after compiling and 'make install' > in ubuntu. (This requires python2.7 module 'apparmor.tools' which is > impossible mission to solve) > > > The core library is C, with the compiler in C/C++. This is the minim set > you will need to be able to load policy. > > Many of the userspace tools are written in python, there are still a few > utils/scripts written in perl, none of these are required but are nice to > have. > > Python 2 should not be required, but is I think still supported by the > tools. I know we have been looking at/discussing some when we can drop python > 2 support and just support python 3 > > > Yocto porting needs many manual procedures. > > > 3. kernel config for LSM and enable apparmor module. > > > config wise, I would recommend the defaults in the apparmor config. It is > what ubuntu, suse, ... use. > > In addition you will need to ensure the lsm is enabled, and networking > are enabled, and set the default security module to apparmor. > > Ubuntu use the dev branch of apparmor which has not been upstreamed yet. > It provides more features, and has a different set of bugs, but it does have > a set of backport kernels, and patches. That provide device support back to > the 3.4 kernel, there are some patches back to 3.0 but they have not been > updated/revised or tested since Ubuntu dropped support of the Maguro nexus > device. > > > 4. writing bb file ( config, compile, install to various paths, ) > > > I have never done this > > > 5. install to various directory manually. > > /etc/apparmor > > /etc/apparmor.d > these are the default policy, and config file dirs > > they are not needed, at first but you will want at least /etc/apparmor/ > and to set some config options if you want policy to load on boot > > > /usr/lib/python2.7/site-packages/apparmor > > /usr/lib/python2.7/site-packages/LibAppArmor > these are needed by the utils > > > /lib/apparmor/functions > there are for the boot scripts, you don't need them for early bring up, > and may not need them at all on systemd (I'm not sure how far the systemd > support is along here, the goal being to remove their need completely). > > > > > I met many obstacles during each procedures. > > > Again at a minimum you will need the parser (policy compiler) and the > library. This is a smaller target, and is what I would start with for > userspace. > > > Is there anybody would share your experience? > > > I haven't done anything with yocto, but it should be fairly similar to > porting to any other platform/packaging format. > > You need to get the various pieces to build, and choose where to install > them. You can drop and skip pieces as needed, and come back to them later as > you have time/understand the packaging and layout of the system. Start out > small, just get the kernel to build and boot, the defaults for apparmor don't > require a policy be loaded, or just get the library to build and install, > then the parser. > > There are a lot of little bits and pieces, if you try to tackle them all > at once you will get overwhelmed. Hopefully it will be easier if you focus on > smaller chunks. > > > > -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
