The Raspberry Pi's Linux kernel is built with AppArmor disabled.
The steps below show how to enable AppArmor on a Raspberry Pi 2.
I use a Raspberry Pi 2 Model B, and the Linux distribution is Debian GNU/Linux 9.
1. Install the AppArmor-related packages.
# apt-get install apparmor apparmor-utils apparmor-profiles
2. Clone the kernel sources and set up the .config file.
For details on kernel building, see “Kernel building – Raspberry Pi Documentation”.
$ git clone --depth=1 https://github.com/raspberrypi/linux
$ cd linux
$ KERNEL=kernel7
$ make bcm2709_defconfig
$ make menuconfig
- Enable “Enable different security models” in “Security options”.
- Then enable “AppArmor support”.
- Finally, set “AppArmor boot parameter default value” to 0.
The parameters that differ between the default .config file and the AppArmor-enabled .config file are listed below.
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_PATH=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
CONFIG_INTEGRITY=y
CONFIG_INTEGRITY_AUDIT=y
CONFIG_CRYPTO_SHA1=y
CONFIG_AUDIT_GENERIC=y
3. Rebuild the kernel and install it.
$ make -j4 zImage modules dtbs
$ sudo make modules_install
$ sudo cp arch/arm/boot/dts/*.dtb /boot/
$ sudo cp arch/arm/boot/dts/overlays/*.dtb* /boot/overlays/
$ sudo cp arch/arm/boot/dts/overlays/README /boot/overlays/
$ sudo cp arch/arm/boot/zImage /boot/$KERNEL.img
4. Set the kernel options.
Add the parameters below to /boot/cmdline.txt.
apparmor=1 security=apparmor
5. Reboot and check.
# apparmor_status
Now you can use AppArmor on the Raspberry Pi 2.
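
The following script is an added example, not part of the original post: it checks a kernel .config for the options listed in step 2 and adds the step 4 parameters to cmdline.txt without duplicating them, so both can be verified before rebooting. The function names are hypothetical, and it assumes cmdline.txt holds the kernel command line on a single line.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# The options listed above as differing from the default .config.
REQUIRED_OPTS="CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_AUDIT_WATCH=y
CONFIG_AUDIT_TREE=y CONFIG_SECURITY=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_PATH=y CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y CONFIG_INTEGRITY=y
CONFIG_INTEGRITY_AUDIT=y CONFIG_CRYPTO_SHA1=y CONFIG_AUDIT_GENERIC=y"

# Print every listed option missing from the .config given as $1.
# Returns 0 when none are missing, 1 otherwise.
missing_apparmor_opts() {
    rc=0
    for opt in $REQUIRED_OPTS; do
        if ! grep -qxF -- "$opt" "$1"; then
            echo "$opt"
            rc=1
        fi
    done
    return "$rc"
}

# Append parameter $2 to cmdline file $1 unless it is already there.
# The kernel command line must stay on one line, so the first line is rewritten.
ensure_cmdline_param() {
    line=$(head -n 1 "$1")
    case " $line " in
        *" $2 "*) return 0 ;;
    esac
    printf '%s %s\n' "$line" "$2" > "$1"
}

# Succeed only if both parameters from step 4 are on the command line.
cmdline_has_apparmor() {
    line=" $(head -n 1 "$1") "
    case "$line" in *" apparmor=1 "*) ;; *) return 1 ;; esac
    case "$line" in *" security=apparmor "*) ;; *) return 1 ;; esac
}

# Direct use: sh check.sh <kernel .config> <cmdline.txt>
if [ "$#" -eq 2 ]; then
    missing_apparmor_opts "$1" && cmdline_has_apparmor "$2" && echo "OK"
fi
```

Run it against the .config in the kernel source tree before step 3, and against /boot/cmdline.txt before step 5.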