Using the vpn-sudo doc, I’ve been experimenting with securing root access in my Qubes templates. This works OK for Debian, but Whonix templates apparently run some boot scripts as a regular user interspersed with a few ‘sudo’ commands. The result is that Whonix VMs don’t start cleanly because the Qubes auth prompt pops up a few times.
Instead of relying entirely on an access control tool like AppArmor (which I’m also using in Whonix now), I think it would be best to secure the root user as well. So I’d like to propose that we track down and eliminate the use of ‘sudo’ in the Whonix-specific startup scripts.
Chris