Skip to main content
A newer release of this product is available.

Understanding AppArmor profile installation

Contributors

If you are operating in a self-deployed Ubuntu environment and using the AppArmor mandatory access control system, the AppArmor profiles associated with packages you install on the base system might be blocked by the corresponding packages installed with StorageGRID.

By default, AppArmor profiles are installed for packages that you install on the base operating system. When you run these packages from the StorageGRID system container, the AppArmor profiles are blocked. The DHCP, MySQL, NTP, and tcdump base packages conflict with AppArmor, and other base packages might also conflict.

You have two choices for handling AppArmor profiles:

  • Disable individual profiles for the packages installed on the base system that overlap with the packages in the StorageGRID system container. When you disable individual profiles, an entry appears in the StorageGRID log files indicating that AppArmor is enabled.

    Use the following commands:

    sudo ln -s /etc/apparmor.d/<profile.name> /etc/apparmor.d/disable/
    sudo apparmor_parser -R /etc/apparmor.d/<profile.name>

    Example:

    sudo ln -s /etc/apparmor.d/bin.ping /etc/apparmor.d/disable/
    sudo apparmor_parser -R /etc/apparmor.d/bin.ping
  • Disable AppArmor altogether. For Ubuntu 9.10 or later, follow the instructions in the Ubuntu online community: Disable AppArmor.

    Once you disable AppArmor, no entries indicating that AppArmor is enabled will appear in the StorageGRID log files.