boinc ubuntu 12.04 headless with apparmor


Under Ubuntu 12.04 amd64 the package dependencies are (it seems to me) broken: it wants to install about 300MB of packages. After fiddling around with apt-get I found the proper option:

apt-get --no-install-recommends install boinc-client

Now I want to activate my account. We do this:

boinccmd --lookup_account username yourpassword

We get a hash returned, and with the hash we do:

boinccmd --host localhost --project_attach hash

That’s it. Now we’re computing for
Since I’m a little paranoid, I don’t trust anything that downloads binaries and executes them on my computer automatically. The solution is to isolate the processes at the kernel level with AppArmor. Here is my profile:

# vim:syntax=apparmor
# Last Modified: Mon Jul 30 23:00:13 2007
#include <tunables/global>

/usr/bin/boinc {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/nameservice>
  #include <abstractions/wutmp>

  /SYSV* mrw,
  /bin/dash ixr,
  /bin/uname ixr,
  /dev/ r,
  /dev/pts/ r,
  /etc/boinc-client/* r,
  /etc/gai.conf r,
  /etc/magic r,
  /lib/ r,
  /proc/ r,
  /proc/** r,
  /usr/lib/ r,
  /usr/bin/boinc mr,
  /usr/bin/file ixr,
  /usr/sbin/sendmail ixr,
  /usr/share/file/magic.mgc r,
  /var/lib/boinc-client/ r,
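  # Data directory: project binaries downloaded here are executed with ix,
  # so they inherit this profile's confinement.
  /var/lib/boinc-client/** rwkix,
}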

I’ve simply adopted the profile from:
Save the profile under /etc/apparmor.d/usr.bin.boinc and run:

aa-enforce /etc/apparmor.d/usr.bin.boinc

If you’re missing the aa-enforce command, try installing the apparmor-utils package.
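
Once the profile is enforced, it is worth confirming that the client and the project binaries it launches really run under it. The script below is an added example, not part of the original post; it assumes the client's process name is boinc, and the proc-root argument is a hypothetical parameter that lets the check run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: verify that the BOINC client and its children (the
# downloaded project binaries) carry the enforced AppArmor label.
# The kernel exposes the label in /proc/<pid>/attr/current, e.g.
# "/usr/bin/boinc (enforce)", "/usr/bin/boinc (complain)" or "unconfined".
# Assumption: the client's process name (comm) is "boinc".

PROFILE_LABEL='/usr/bin/boinc (enforce)'

# Print "pid comm label" for every boinc process and every direct child.
boinc_labels() {
    root=${1:-/proc}
    clients=' '
    for d in "$root"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        if [ "$(cat "$d/comm")" = boinc ]; then
            clients="$clients${d##*/} "
        fi
    done
    for d in "$root"/[0-9]*; do
        [ -r "$d/status" ] || continue
        pid=${d##*/}
        ppid=$(awk '$1 == "PPid:" { print $2 }' "$d/status")
        case "$clients" in
            *" $pid "*|*" $ppid "*) ;;
            *) continue ;;
        esac
        # Reading another user's label needs root; flag it if we cannot.
        label=$(cat "$d/attr/current" 2>/dev/null || echo unreadable)
        echo "$pid $(cat "$d/comm") $label"
    done
}

# Return 0 if all are enforced, 1 if any is not, 2 if BOINC is not running.
check_boinc_confined() {
    out=$(boinc_labels "$1")
    [ -n "$out" ] || { echo "no boinc process found" >&2; return 2; }
    bad=$(echo "$out" | grep -vF "$PROFILE_LABEL" || true)
    [ -z "$bad" ] && return 0
    echo "not running under $PROFILE_LABEL:" >&2
    echo "$bad" >&2
    return 1
}
```

Run check_boinc_confined as root after the client has started a work unit; a child listed as unconfined or in complain mode means the profile is not containing the project binaries.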

Have fun!