Ubuntu 10.10
After installing apparmor-profiles package and adding my own two profiles for skype and opera, my /etc/apparmord/ looks like this:abstractions
bin.ping
cache
disable
force-complain
home.wwwwww.apps.browsers.opera-11.00-1156.i386.linux.opera
home.wwwwww.apps.skype_static-2.2.0.35.skype
local
program-chunks
sbin.dhclient3
sbin.klogd
sbin.syslogd
sbin.syslog-ng
tunables
usr.bin.chromium-browser
usr.bin.evince
usr.bin.firefox
usr.lib.dovecot.deliver
usr.lib.dovecot.dovecot-auth
usr.lib.dovecot.imap
usr.lib.dovecot.imap-login
usr.lib.dovecot.managesieve-login
usr.lib.dovecot.pop3
usr.lib.dovecot.pop3-login
usr.sbin.avahi-daemon
usr.sbin.cupsd
usr.sbin.dnsmasq
usr.sbin.dovecot
usr.sbin.identd
usr.sbin.mdnsd
usr.sbin.nmbd
usr.sbin.nscd
usr.sbin.smbd
usr.sbin.tcpdump
usr.sbin.traceroute
Yet upon startup, only 3 profiles get loaded, aa-status reports upon bootup:
3 profiles are loaded.
3 profiles are in enforce mode.
/sbin/dhclient3
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode :
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
And so I have to issue "/etc/init.d/apparmor reload" each time I boot which is patently not the proper way to load profiles at startup. Upon issuing this command, aa-status looks just like I expect:
38 profiles are loaded.
38 profiles are in enforce mode.
/bin/ping
/home/wwwwww/apps/browsers/opera-11.00-1156.i386.linux/opera
/home/wwwwww/apps/skype_static-2.2.0.35/skype
/sbin/dhclient3
/sbin/klogd
/sbin/syslog-ng
/sbin/syslogd
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-thumbnailer
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/chromium-browser/chromium-browser
/usr/lib/chromium-browser/chromium-browser//browser_java
/usr/lib/chromium-browser/chromium-browser//browser_openjdk
/usr/lib/chromium-browser/chromium-browser//chromium_browser_sandbox
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/dovecot/deliver
/usr/lib/dovecot/dovecot-auth
/usr/lib/dovecot/imap
/usr/lib/dovecot/imap-login
/usr/lib/dovecot/managesieve-login
/usr/lib/dovecot/pop3
/usr/lib/dovecot/pop3-login
/usr/lib/firefox-3.6.10/firefox-*bin
/usr/lib/firefox-3.6.10/firefox-*bin//browser_java
/usr/lib/firefox-3.6.10/firefox-*bin//browser_openjdk
/usr/sbin/avahi-daemon
/usr/sbin/cupsd
/usr/sbin/dnsmasq
/usr/sbin/dovecot
/usr/sbin/identd
/usr/sbin/mdnsd
/usr/sbin/nmbd
/usr/sbin/nscd
/usr/sbin/smbd
/usr/sbin/tcpdump
/usr/sbin/traceroute
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode :
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
So, why aren't the profiles loaded automatically on startup?
They should be loaded at startup, have you made any modifications to your startup?
Can you attach a copy of dmesg before you do
/etc/
What are the contents of your /etc/apparmor/ directory (its config files for apparmor)