I haven’t managed to add Qubes compatibility yet, and then got distracted
by other things. Thanks for reminding me!
apparmor-profile-everything does not work on Qubes at all anyhow. But
this would be another change which would make it hard to fix since it
would break networking. Should I merge changes which break Qubes for
certain?
Pretty sure . /etc/default/networking is not required. Untested. /lib/systemd/system/networking.service already does EnvironmentFile=-/etc/default/networking. Will remove.
Will rename etc/apparmor.d/sbin.networking to etc/apparmor.d/sbin.networking-aae for consistency.
There have been numerous ASLR holes due to /proc/[pid]/{,stat,maps,auxv} which we allow access to in apparmor-profile-everything. We should restrict these but test if it breaks anything.
This could be used to further protect privileged processes like apt.
It’s part of LKRG experimental branch. Not part of LKRG main branch.
LKRG experimental branch as far as I know was deprecated and LKRG upstream
wiki is outdated. If you would like a more certain answer, please check in
LKRG source code or ask upstream LKRG.