I used apparmor 2.8.95 revision 2434 because it was tagged as apparmor_2.8.95(bzr co lp:apparmor --rev 2434) and run on Trusty(ubuntu 14.04LTS) ------bzr log ---------------------------------------------------------------- revno: 2434 tags: apparmor_2.8.95 fixes bug: https://launchpad.net/bugs/1294848 -------------------------------------------------------------------------------- I consulted these website. https://launchpad.net/apparmor https://launchpad.net/ubuntu/trusty/+source/apparmor
I already reported to launchpad ( https://bugs.launchpad.net/apparmor/+bug/1510365) When I used revision 3265, result was same "ImportError: No module named apparmor.tools" =====Here is my command history ========= [bzr/24/libraries/libapparmor]$ sh ./autogen.sh [bzr/24/libraries/libapparmor]$ sh ./configure --prefix=/usr --with-perl --with-python [bzr/24/libraries/libapparmor]$ make [bzr/24/libraries/libapparmor]$ make check [bzr/24/libraries/libapparmor]$ sudo make install ========utils ============ [bzr/24/utils]$ make Makefile:21: common/Make.rules: No such file or directory //compile continued on, regardless of error message. [bzr/24/utils]$ make check AttributeError: 'module' object has no attribute 'parse_args' ---------------------------------------------------------------------- Ran 129 tests in 0.874s FAILED (errors=129) make[1]: *** [check] Error 1 make[1]: Leaving directory `/home/pjs/apparmor_bzr/apparmor_2434/utils/test' make: *** [check] Error 2 [bzr/24/utils]$ sudo make install ========parser ============ [bzr/24/parser]$ make Makefile:21: common/Make.rules: No such file or directory do :; done make: *** [techdoc.pdf] Error 1 [bzr/24/parser]$ vi Makefile //removed pdf generation in Makefile(I don't want to install pdf related packages, Yocto is embeded environment) [bzr/24/parser]$ make [bzr/24/parser]$ make check [bzr/24/parser]$ sudo make install ========profiles ============ [bzr/24/profiles]$ make [bzr/24/profiles]$ make check [bzr/24/profiles]$ sudo make install [bzr/24/profiles]$ sudo aa-status // this is ok, 0 in complain mode, 0 in enforce mode... [bzr/24/profiles]$ sudo aa-complain // This is error Traceback (most recent call last): File "/usr/sbin/aa-complain", line 17, in <module> import apparmor.tools ImportError: No module named apparmor.tools [bzr/24/profiles]$ 2015-11-05 6:32 GMT+09:00 John Johansen <[email protected]>: > On 11/03/2015 05:18 PM, Jae Suk Park wrote: > > Thanks for replying :) > > > > Regarding No2 issue(Python Module apparmor.tools Error), I guess README > file in Apparmor source packages needs amendments. > > I followed these procedure but resulted in "ImportError: No module > named apparmor.tools > > > > libapparmor: > > $ cd ./libraries/libapparmor > > $ sh ./autogen.sh > > $ sh ./configure --prefix=/usr --with-perl > > $ make > > $ make install > > > > Utilities: > > $ cd utils > > $ make > > $ make install > > > which version of apparmor? The more recent versions specify > $ cd ./libraries/libapparmor > $ sh ./autogen.sh > $ sh ./configure --prefix=/usr --with-perl --with-python # see below > $ make > $ make check > $ make install > > and mention --with-ruby if you desire that as well > > > ubuntu 14.04]$ sudo aa-complain > > Traceback (most recent call last): > > File "/usr/sbin/aa-complain", line 17, in <module> > > import apparmor.tools > > ImportError: No module named apparmor.tools > > > > I tried 2ways to install apparmor (apt-get case and 'make install' case) > > For apt-get case, I found apparmor-python related .deb packages in > /var/cache/apt/archives > > and found python modules are installed in > /usr/lib/python3/dist-packages/apparmor/tools.py > > > > apparmor-profiles_2.8.95~2430-ubuntu5.3_all.deb > > apparmor-utils_2.8.95~2430-0ubuntu5.1_i386.deb > > python3-apparmor_2.8.95~2430-0ubuntu5.1_i386.deb > > python3-libapparmor_2.8.95~2430-0ubuntu5.1_i386.deb > > > > $ dpkg --contents python3-apparmor_2.8.95~2430-0ubuntu5.1_i386.deb > > ./usr/lib/python3/dist-packages/ > > ./usr/lib/python3/dist-packages/apparmor/logparser.py > > > > $ dpkg --contents python3-libapparmor_2.8.95~2430-0ubuntu5.1_i386.deb > > ./usr/lib/python3/dist-packages/LibAppArmor-2.8.95.egg-info > > ./usr/lib/python3/dist-packages/LibAppArmor/ > > > > > > > > For 'make install' case, > /usr/lib/python2.7/site-packages/apparmor/tools.py > > This seems to be cause of "Import Error: No module named apparmor.tools" > > When I copied it manually to > /usr/lib/python2.7/dist-packages/apparmor/tools.py, it worked ok > > Apparmor/utils/python-tools-setup.py imports > distutils.command.install.py <http://distutils.command.install.py> and it > copies to relevant paths. > > So README file in apparmor source packages needs newer version. > > > > > > 2015-11-02 22:58 GMT+09:00 John Johansen <[email protected] > <mailto:[email protected]>>: > > > > On 10/31/2015 12:52 AM, Jae Suk Park wrote: > > > are there any guide regarding 'Apparmor porting to embeded linux' > like yocto project? > > > > > > I tried these procedures but seems to be plenty of things remained. > > > > > > 1. install apparmor with apt-get in ubuntu. > > > > > > 2. install apparmor from source code after compiling and 'make > install' in ubuntu. (This requires python2.7 module 'apparmor.tools' which > is impossible mission to solve) > > > > > The core library is C, with the compiler in C/C++. This is the minim > set you will need to be able to load policy. > > > > Many of the userspace tools are written in python, there are still a > few utils/scripts written in perl, none of these are required but are nice > to have. > > > > Python 2 should not be required, but is I think still supported by > the tools. I know we have been looking at/discussing some when we can drop > python 2 support and just support python 3 > > > > > Yocto porting needs many manual procedures. > > > > > 3. kernel config for LSM and enable apparmor module. > > > > > config wise, I would recommend the defaults in the apparmor config. > It is what ubuntu, suse, ... use. > > > > In addition you will need to ensure the lsm is enabled, and > networking are enabled, and set the default security module to apparmor. > > > > Ubuntu use the dev branch of apparmor which has not been upstreamed > yet. It provides more features, and has a different set of bugs, but it > does have a set of backport kernels, and patches. That provide device > support back to the 3.4 kernel, there are some patches back to 3.0 but they > have not been updated/revised or tested since Ubuntu dropped support of the > Maguro nexus device. > > > > > 4. writing bb file ( config, compile, install to various paths, ) > > > > > I have never done this > > > > > 5. install to various directory manually. > > > /etc/apparmor > > > /etc/apparmor.d > > these are the default policy, and config file dirs > > > > they are not needed, at first but you will want at least > /etc/apparmor/ and to set some config options if you want policy to load on > boot > > > > > /usr/lib/python2.7/site-packages/apparmor > > > /usr/lib/python2.7/site-packages/LibAppArmor > > these are needed by the utils > > > > > /lib/apparmor/functions > > there are for the boot scripts, you don't need them for early bring > up, and may not need them at all on systemd (I'm not sure how far the > systemd support is along here, the goal being to remove their need > completely). > > > > > > > > I met many obstacles during each procedures. > > > > > Again at a minimum you will need the parser (policy compiler) and > the library. This is a smaller target, and is what I would start with for > userspace. > > > > > Is there anybody would share your experience? > > > > > I haven't done anything with yocto, but it should be fairly similar > to porting to any other platform/packaging format. > > > > You need to get the various pieces to build, and choose where to > install them. You can drop and skip pieces as needed, and come back to them > later as you have time/understand the packaging and layout of the system. > Start out small, just get the kernel to build and boot, the defaults for > apparmor don't require a policy be loaded, or just get the library to build > and install, then the parser. > > > > There are a lot of little bits and pieces, if you try to tackle them > all at once you will get overwhelmed. Hopefully it will be easier if you > focus on smaller chunks. > > > > > > > > > >
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
