AppArmor for Complete System - Including init, PID1, Systemd, Everything! - Full System MAC policy

madaidan via Whonix Forum:

Add rsyslogd profile by madaidan · Pull Request #62 · Kicksecure/apparmor-profile-everything · GitHub

Merged.

Though, I don’t see need to install rsyslog by default (wasn’t suggested
either) but it might still be lingering on upgraded systems or otherwise
installed by users or even pulled by dependencies.

1 Like

This is now in testers repository.

1 Like

https://unix.stackexchange.com/questions/600038/config-file-etc-apparmor-parser-conf-not-found

Not sure you would want to support Debian?

Should we add to debian/control (which readme is based on) “developers only” or “testers only” and mention that the suggested way to get support is this forum thread only for now?

What other projects do you work on besides Whonix?

Could you fix these ones please?

AVC apparmor="ALLOWED" operation="exec" profile="/usr/lib/whonix-firewall/**" name="/usr/bin/date" pid=13252 comm="whonix-gateway-" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/whonix-firewall/**//null-/usr/bin/date"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/usr/bin/date" pid=13252 comm="date" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/usr/lib/x86_64-linux-gnu/ld-2.28.so" pid=13252 comm="date" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="open" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/etc/ld.so.cache" pid=13252 comm="date" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="open" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" pid=13252 comm="date" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" pid=13252 comm="date" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="open" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/usr/lib/locale/locale-archive" pid=13252 comm="date" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

To reproduce in Whonix-Gateway:

sudo systemctl restart whonix-firewall
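
One way to turn complain-mode AVC lines like the ones above into candidate profile rules to review. This is an added example, not code from the thread or from the apparmor-profile-everything project; it assumes `ix` (inherit) is the intended exec mode for `/usr/bin/date`, attributes events logged under the `//null-` child to the parent profile on that basis, and applies the `/{,usr/}` path rewrite proposed further down in the thread.

```python
import re

# Constructed sample: a subset of the complain-mode AVC lines quoted above.
SAMPLE_AVC = """\
AVC apparmor="ALLOWED" operation="exec" profile="/usr/lib/whonix-firewall/**" name="/usr/bin/date" pid=13252 comm="whonix-gateway-" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/whonix-firewall/**//null-/usr/bin/date"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/usr/bin/date" pid=13252 comm="date" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="open" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/etc/ld.so.cache" pid=13252 comm="date" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="open" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" pid=13252 comm="date" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/lib/whonix-firewall/**//null-/usr/bin/date" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" pid=13252 comm="date" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PERM_ORDER = "mrwlk"  # conventional AppArmor ordering, e.g. "mr", "rw"

def parse_avc(line):
    """Split one AVC line into a dict of its key=value fields (quotes stripped)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}

def merged_usr_path(path):
    """Rewrite /bin, /sbin, /lib, /lib64 and their /usr twins to the /{,usr/}...
    alternation proposed in the thread, so one rule covers both layouts."""
    m = re.match(r"^/(?:usr/)?(bin|sbin|lib|lib64)/(.*)$", path)
    return "/{,usr/}%s/%s" % (m.group(1), m.group(2)) if m else path

def avc_to_rules(text):
    """Aggregate ALLOWED events per base profile into one file rule per path.
    Events under a '//null-...' child are attributed to the parent profile,
    because with an 'ix' exec rule the child runs under the parent's rules."""
    masks = {}  # (profile, path) -> set of requested permission chars
    for line in text.splitlines():
        ev = parse_avc(line)
        if ev.get("apparmor") != "ALLOWED" or "name" not in ev:
            continue
        profile = ev["profile"].split("//null-", 1)[0]
        key = (profile, merged_usr_path(ev["name"]))
        masks.setdefault(key, set()).update(ev.get("requested_mask", ""))
    rules = {}
    for (profile, path), mask in sorted(masks.items()):
        perms = "".join(c for c in PERM_ORDER if c in mask)
        if "x" in mask:
            perms += "ix"  # assumption: exec inherits the caller's profile
        rules.setdefault(profile, []).append("%s %s," % (path, perms))
    return rules

if __name__ == "__main__":
    for profile, lines in avc_to_rules(SAMPLE_AVC).items():
        print("# candidate rules for profile %s" % profile)
        print("\n".join("  " + r for r in lines))
```

The emitted rules are a starting point only: library and loader paths are normally already covered by the base abstraction, so check what the profile includes before pasting them in.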

Probably because they kept the profiles after uninstalling the package.

Yes.

1 Like

This should fix it.

We should also go around all the Whonix source code and change any /bin/... or /usr/bin/... to /{,usr/}bin/...

1 Like

Yeah. That shouldn’t be supported?
Package should only be removed using sudo apt purge apparmor-profile-everything?
Package should not be removed using sudo apt remove apparmor-profile-everything?
Not sure we can enforce that. However, on package remove the Debian prerm maintainer script of apparmor-profile-everything could look at /var/lib/dpkg/info/apparmor-profile-everything.conffiles and delete all “conffiles” (/etc/apparmor.d/…)?

Done.

1 Like

No it shouldn’t, it will likely break a lot of things.

1 Like

Installing apparmor-profile-everything breaks with this error:

dpkg-divert: error: 'diversion of /lib/systemd/system/sdwdate.service to /usr/share/apparmor-profile-everything/lib++systemd++system++sdwdate.service by apparmor-profile-everything' clashes with 'diversion of /lib/systemd/system/sdwdate.service to /lib/systemd/system/sdwdate.service.dist-orig by apparmor-profile-everything'

####################################################################
## BEGIN ERROR in /var/lib/dpkg/info/apparmor-profile-everything.postinst detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: dpkg-divert --divert "$theirfile" --rename --package "$package" --add "$file"
## EXIT_CODE: 2
##
## END ERROR in /var/lib/dpkg/info/apparmor-profile-everything.postinst detected!
## Please report this bug!
####################################################################

I don’t know much about Debian packaging. Can you fix this?

1 Like

Merged.

Confirmed.

Fixed for new installations.

To unbreak existing broken APT (won’t be required for new users), the following command would probably do:

sudo dpkg-divert --rename --remove /lib/systemd/system/sdwdate.service

1 Like

That fix was uploaded just now to all repositories.

1 Like

I think this is ready for a call for testers. Can you post it?

1 Like

Was merged just now.

1 Like

Draft needed.

Could you write something similar as Using apparmor-profile-everything on Debian Buster? (Can be shorter - can be longer - but need some text to post.)

1 Like

A post was split to a new topic: Full System AppArmor Policy - Testers Wanted!