Testing on Qubes. Figured out how to make initramfs xtrace visible.
(
- https://github.com/Whonix/grub-output-verbose/commit/b1c21c1712a38677568428b79fa1ec46bc1a0556
- console=hvc0 must be last by adrelanos · Pull Request #197 · QubesOS/qubes-core-agent-linux · GitHub
)
- . /scripts/init-bottom/ORDER
- /scripts/init-bottom/apparmor-profile-everything
Warning from stdin (line 1): config file ‘/etc/apparmor/parser.conf’ not found
[ 4.575432] audit: type=1400 audit(1576958583.257:2): apparmor=“STATUS” operation=“profile_load” profile=“unconfined” name=“systemd-modules-load” pid=243 comm=“apparmor_parser”
Warning from stdin (line 1): config file ‘/etc/apparmor/parser.conf’ not found
[ 4.578381] audit: type=1400 audit(1576958583.261:3): apparmor=“STATUS” operation=“profile_load” profile=“unconfined” name=“systemd-sysctl” pid=246 comm=“apparmor_parser”
Warning from stdin (line 1): config file ‘/etc/apparmor/parser.conf’ not found
[ 4.582981] audit: type=1400 audit(1576958583.265:4): apparmor=“STATUS” operation=“profile_load” profile=“unconfined” name=“init-systemd” pid=251 comm=“apparmor_parser”- ‘[’ -e /conf/param.conf ]
- /scripts/init-bottom/udev
What does ALLOWED
mean? I guess that is OK but why does it show it?
[ 5.299519] audit: type=1400 audit(1576958583.981:5290): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/bin/systemd-tmpfiles” name=“/etc/tmpfiles.d/” pid=320 comm=“systemd-tmpfile” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 5.299752] audit: type=1400 audit(1576958583.985:5291): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/lib/systemd/systemd-random-seed” name=“/etc/machine-id” pid=319 comm=“systemd-random-” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 5.299805] audit: type=1400 audit(1576958583.985:5292): apparmor=“ALLOWED” operation=“chmod” profile=“init-systemd//null-/lib/systemd/systemd-random-seed” name=“/var/lib/systemd/random-seed” pid=319 comm=“systemd-random-” requested_mask=“w” denied_mask=“w” fsuid=0 ouid=0
[ 5.299858] audit: type=1400 audit(1576958583.985:5293): apparmor=“ALLOWED” operation=“chown” profile=“init-systemd//null-/lib/systemd/systemd-random-seed” name=“/var/lib/systemd/random-seed” pid=319 comm=“systemd-random-” requested_mask=“w” denied_mask=“w” fsuid=0 ouid=0
[ 5.300356] audit: type=1400 audit(1576958583.985:5294): apparmor=“ALLOWED” operation=“open” profile=“init-systemd” name=“/proc/319/comm” pid=1 comm=“systemd” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 5.300401] audit: type=1400 audit(1576958583.985:5295): apparmor=“ALLOWED” operation=“open” profile=“init-systemd” name=“/proc/319/comm” pid=1 comm=“systemd” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 5.300444] audit: type=1400 audit(1576958583.985:5296): apparmor=“ALLOWED” operation=“open” profile=“init-systemd” name=“/proc/319/cgroup” pid=1 comm=“systemd” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Permission hardening needs a profile. Or kicksecure shell profile?
[ 10.303738] audit: type=1400 audit(1576958588.989:26448): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/VERSION/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.304240] audit: type=1400 audit(1576958588.989:26449): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/VERSION/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.304832] audit: type=1400 audit(1576958588.989:26450): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/NOK/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.305305] audit: type=1400 audit(1576958588.989:26451): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/NOK/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.305895] audit: type=1400 audit(1576958588.989:26452): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.306437] audit: type=1400 audit(1576958588.989:26453): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/EXT/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.306960] audit: type=1400 audit(1576958588.989:26454): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/EXT/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.307604] audit: type=1400 audit(1576958588.993:26455): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/KHR/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.308072] audit: type=1400 audit(1576958588.993:26456): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/KHR/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.308764] audit: type=1400 audit(1576958588.993:26457): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/ANDROID/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.303738] audit: type=1400 audit(1576958588.989:26448): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/VERSION/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.304240] audit: type=1400 audit(1576958588.989:26449): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/VERSION/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.304832] audit: type=1400 audit(1576958588.989:26450): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/NOK/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.305305] audit: type=1400 audit(1576958588.989:26451): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/NOK/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.305895] audit: type=1400 audit(1576958588.989:26452): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.306437] audit: type=1400 audit(1576958588.989:26453): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/EXT/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.306960] audit: type=1400 audit(1576958588.989:26454): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/EXT/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.307604] audit: type=1400 audit(1576958588.993:26455): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/KHR/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.308072] audit: type=1400 audit(1576958588.993:26456): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/KHR/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.308764] audit: type=1400 audit(1576958588.993:26457): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/ANDROID/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.303738] audit: type=1400 audit(1576958588.989:26448): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/VERSION/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.304240] audit: type=1400 audit(1576958588.989:26449): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/VERSION/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.304832] audit: type=1400 audit(1576958588.989:26450): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/NOK/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.305305] audit: type=1400 audit(1576958588.989:26451): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/NOK/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.305895] audit: type=1400 audit(1576958588.989:26452): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.306437] audit: type=1400 audit(1576958588.989:26453): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/EXT/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.306960] audit: type=1400 audit(1576958588.989:26454): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/EXT/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.307604] audit: type=1400 audit(1576958588.993:26455): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/KHR/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.308072] audit: type=1400 audit(1576958588.993:26456): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/KHR/pycache/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 10.308764] audit: type=1400 audit(1576958588.993:26457): apparmor=“ALLOWED” operation=“open” profile=“init-systemd//null-/usr/lib/security-misc/permission-hardening//null-/usr/bin/find” name=“/usr/lib/python3/dist-packages/OpenGL/EGL/ANDROID/” pid=721 comm=“find” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0