aa-genprof is broken on Whonix.


I’m working on AppArmor profiles for Monero tools and right away I noticed aa-genprof is broken because of a Whonix file:

user@host:~$ sudo aa-genprof /usr/local/bin/monerod 

ERROR: Values added to a non-existing variable @{HOMEDIRS}: /rw/home/ in tunables/home.d/live-mode
user@host:~$ cat /etc/apparmor.d/tunables/home.d/live-mode 
## Copyright (C) 2018 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## Copyright (C) 2018 Algernon <33966997+Algernon-01@users.noreply.github.com>
## See the file COPYING for copying conditions.

alias / -> /rw/,
alias /var/lib/ -> /rw/var/lib/,
alias /var/lib/tor/ -> /rw/var/lib/tor/,

This is on Qubes 4/Whonix 14, testers repo.


Looks like this bug:

But there is no real fix yet.
As a workaround, you could try to comment out the lines in the file and add them to tunables/home instead.

live mode /etc/apparmor.d/tunables/home.d/live-mode breaks aa-enforce
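
To see which lines the workaround above would move, this added example (not from the thread or from Whonix) lists the `+=` variable additions in tunables/home.d and notes whether tunables/home assigns that variable. The function names and the sample tree are assumptions; the sample's `@{HOMEDIRS}+=/rw/home/` line is constructed from the error message, not copied from the real file.

```shell
#!/bin/sh
# Added example: list "@{VAR} += value" lines in tunables/home.d/* and say
# whether @{VAR} is assigned with "=" in tunables/home.
# find_homed_additions and make_sample_tree are hypothetical helper names.
find_homed_additions() {
    base=$1   # AppArmor config root, e.g. /etc/apparmor.d
    for f in "$base"/tunables/home.d/*; do
        [ -f "$f" ] || continue
        # Uncommented lines that append to a variable.
        grep -E '^[[:space:]]*@\{[A-Za-z0-9_]+\}[[:space:]]*\+=' "$f" |
        while IFS= read -r line; do
            name=$(printf '%s\n' "$line" | sed -E 's/^[[:space:]]*@\{([^}]+)\}.*/\1/')
            # A plain "=" assignment; "+=" cannot match because "+" precedes "=".
            if grep -Eq "^[[:space:]]*@\{${name}\}[[:space:]]*=" "$base/tunables/home" 2>/dev/null; then
                status=defined
            else
                status=undefined
            fi
            printf '%s\t%s\t%s\n' "$status" "${f##*/}" "$line"
        done
    done
}

# Constructed sample tree (not the real Whonix files) so the function runs offline.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/tunables/home.d"
    printf '%s\n' '@{HOME}=@{HOMEDIRS}/*/ /root/' '@{HOMEDIRS}=/home/' > "$d/tunables/home"
    printf '%s\n' '## comment' '@{HOMEDIRS}+=/rw/home/' 'alias / -> /rw/,' > "$d/tunables/home.d/live-mode"
    printf '%s\n' '#@{HOMEDIRS}+=/disabled/' '@{EXTRA}+=/srv/' > "$d/tunables/home.d/site.local"
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
find_homed_additions "$sample"
rm -rf "$sample"
```

On a real system, pass `/etc/apparmor.d` as the argument; the function only reads files.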