apparmor.d - Full set of AppArmor profiles (~ 1500 profiles)

Patrick · October 24, 2023, 12:04pm

roddhjav · October 24, 2023, 7:19pm

Author of apparmor.d here. Supporting whonix in apparmor.d is planned, but in pause due to time constraint (and a few technical issues). See: Full system policy profile - Question · roddhjav/apparmor.d · Discussion #233 · GitHub

Patrick · October 25, 2023, 5:54pm

Wow, that’s awesome!

Patrick · November 15, 2023, 11:49am

github.com/roddhjav/apparmor.d

porting upstream profiles to apparmor.d?

opened 11:40AM - 15 Nov 23 UTC

adrelanos

@monsieuremre commented on [58b5773](https://github.com/roddhjav/apparmor.d/comm…it/58b577385e68f9aeeba5fafc8a87c30b90cc8e17) [yesterday](https://github.com/roddhjav/apparmor.d/commit/58b577385e68f9aeeba5fafc8a87c30b90cc8e17#commitcomment-132491733) > [...] Maybe stuff like [sdwdate](https://github.com/Kicksecure/sdwdate). Most whonix utils have their profiles. I think @roddhjav would be open to having those profiles ported into here, if you are into that kind of thing. If not, it might be necessary to add these profiles as install dependencies for the `.deb` target produced for whonix/kicksecure.

Patrick · November 16, 2023, 2:00am

github.com/roddhjav/apparmor.d

review apparmor profiles by Kicksecure / Whonix

opened 01:45AM - 16 Nov 23 UTC

adrelanos

As mentioned in https://github.com/roddhjav/apparmor.d/issues/250 Not sure ho…w useful it is to create such a list. Links might change over the years (do to file name changes, removed profiles, added profiles). Might be more useful within derivative-maker source code folder to run something like this: find . -type f -not -iwholename '*.git*' | grep apparmor.d Here is the list: https://github.com/Whonix/whonix-firewall/tree/master/etc/apparmor.d/whonix-firewall https://github.com/Whonix/whonix-firewall/tree/master/etc/apparmor.d/abstractions/whonix-firewall https://github.com/Whonix/anon-gw-anonymizer-config/tree/master/etc/apparmor.d/local/system_tor.anondist https://github.com/Whonix/anon-gw-anonymizer-config/tree/master/etc/apparmor.d/local/usr.bin.obfsproxy.anondist https://github.com/Whonix/onion-grater/tree/master/etc/apparmor.d/usr.lib.onion-grater https://github.com/Whonix/kloak/tree/master/etc/apparmor.d/usr.sbin.kloak https://github.com/Kicksecure/sdwdate/tree/master/etc/apparmor.d/usr.bin.sdwdate https://github.com/Kicksecure/sdwdate/tree/master/etc/apparmor.d/usr.bin.url_to_unixtime https://github.com/Kicksecure/sdwdate/tree/master/etc/apparmor.d/abstractions/url_to_unixtime https://github.com/Kicksecure/bootclockrandomization/tree/master/etc/apparmor.d/bootclockrandomization https://github.com/Kicksecure/helper-scripts/tree/master/etc/apparmor.d/usr.bin.tor-circuit-established-check https://github.com/Kicksecure/helper-scripts/tree/master/etc/apparmor.d/abstractions/tor-circuit-established-check https://github.com/Kicksecure/apparmor-profile-dist/tree/master/etc/apparmor.d/tunables/home.d/anondist https://github.com/Kicksecure/apparmor-profile-dist/tree/master/etc/apparmor.d/tunables/home.d/live-mode https://github.com/Kicksecure/apparmor-profile-dist/tree/master/etc/apparmor.d/tunables/home.d/qubes-whonix-anondist https://github.com/Kicksecure/apparmor-profile-dist/blob/master/etc/apparmor.d/abstractions/base.d/kicksecure https://github.com/Kicksecure/security-misc/tree/master/etc/apparmor.d/tunables/home.d/security-misc https://github.com/Kicksecure/systemcheck/tree/master/etc/apparmor.d/usr.libexec.systemcheck.canary https://github.com/Kicksecure/systemcheck/tree/master/etc/apparmor.d/usr.bin.systemcheck https://github.com/Kicksecure/timesanitycheck/tree/master/etc/apparmor.d/usr.bin.timesanitycheck https://github.com/Kicksecure/timesanitycheck/tree/master/etc/apparmor.d/abstractions/timesanitycheck https://github.com/Kicksecure/sandbox-app-launcher/tree/master/etc/apparmor.d/sandbox-app-launcher https://github.com/Kicksecure/sandbox-app-launcher/tree/master/etc/apparmor.d/abstractions/sandbox-app-launcher https://github.com/Kicksecure/apparmor-profile-thunderbird/tree/master/etc/apparmor.d/local/usr.bin.thunderbird https://github.com/Kicksecure/apparmor-profile-torbrowser/tree/master/etc/apparmor.d/home.tor-browser.firefox https://github.com/Kicksecure/apparmor-profile-hexchat/tree/master/etc/apparmor.d/usr.bin.hexchat