Full System AppArmor Policy - Testers Wanted!

I see, I figured I would run Whonix-firewall in Kicksecure as host but I uninstalled Whonix-firewall within Kicksecure and will just go based on the settings Kicksecure has.

As for apparmor-profile-everything:

Apparmor-info in Kicksecure Host shows:

sudo apparmor-info
[sudo] password for user:
AVC apparmor=“DENIED” operation=“signal” profile=“dbus-daemon” comm=“systemd” requested_mask=“receive” denied_mask=“receive” signal=term peer=“init-systemd”
AVC apparmor=“DENIED” operation=“signal” profile=“dbus-daemon” comm=“systemd” requested_mask=“receive” denied_mask=“receive” signal=kill peer=“init-systemd”
AVC apparmor=“DENIED” operation=“signal” profile=“dbus-daemon” comm=“at-spi-bus-laun” requested_mask=“receive” denied_mask=“receive” signal=term peer=“init-systemd”

How do I add that to the profiles?

Booting Whonix-Gateway with apparmor-profile-everything:

Running systemctl, apparmor.service fails.
haveged.service fails, tor@default.service fails

sudo systemctl status apparmor.service
[sudo] password for user:
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset:
Drop-In: /lib/systemd/system/apparmor.service.d
└─30_live_mode.conf
Active: failed (Result: exit-code) since Sat 2021-01-02 05:42:19 UTC; 16s ago
Docs: man:apparmor(7)
Home · Wiki · AppArmor / apparmor · GitLab
Process: 3778 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, st
Main PID: 3778 (code=exited, status=1/FAILURE)

Jan 02 05:42:18 host systemd[1]: Starting Load AppArmor profiles…
Jan 02 05:42:19 host apparmor.systemd[3778]: Restarting AppArmor
Jan 02 05:42:19 host apparmor.systemd[3778]: Reloading AppArmor profiles
Jan 02 05:42:19 host systemd[1]: apparmor.service: Main process exited, code=exi
Jan 02 05:42:19 host apparmor.systemd[3778]: Found reference to variable dev_tty
Jan 02 05:42:19 host systemd[1]: apparmor.service: Failed with result 'exit-code
Jan 02 05:42:19 host apparmor.systemd[3778]: Found reference to variable dev_tty
Jan 02 05:42:19 host systemd[1]: Failed to start Load AppArmor profiles.
Jan 02 05:42:19 host apparmor.systemd[3778]: Error: At least one profile failed
lines 1-19/19 (END)

sudo systemctl restart haveged.service
user@host:~$ sudo systemctl status haveged.service
● haveged.service - Entropy daemon using the HAVEGE algorithm
Loaded: loaded (/lib/systemd/system/haveged.service; enabled; vendor preset:
Drop-In: /lib/systemd/system/haveged.service.d
└─30_apparmor_profile_everything.conf
Active: failed (Result: exit-code) since Sat 2021-01-02 05:44:22 UTC; 1s ago
Docs: man:haveged(8)
haveged - a simple entropy daemon
Process: 4833 ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARG
Main PID: 4833 (code=exited, status=225/NETWORK)

Jan 02 05:44:22 host systemd[1]: Started Entropy daemon using the HAVEGE algorit
Jan 02 05:44:22 host systemd[4833]: haveged.service: Failed to set up network na
Jan 02 05:44:22 host systemd[4833]: haveged.service: Failed at step NETWORK spaw
Jan 02 05:44:22 host systemd[1]: haveged.service: Main process exited, code=exit
Jan 02 05:44:22 host systemd[1]: haveged.service: Failed with result ‘exit-code’
lines 1-15/15 (END)

sudo systemctl restart tor@default.service
Job for tor@default.service failed because the control process exited with error code.
See “systemctl status tor@default.service” and “journalctl -xe” for details.
user@host:~$ sudo systemctl status tor@default.service
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; vendor preset: enabled)
Drop-In: /lib/systemd/system/tor@default.service.d
└─30_clean-torrc-d-on-reload.conf, 40_obfs4proxy-workaround.conf, 50_controlsocket-workar
Active: failed (Result: exit-code) since Sat 2021-01-02 05:46:53 UTC; 6s ago
Process: 5672 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (c
Process: 5673 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
Process: 5674 ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f
Main PID: 5674 (code=exited, status=1/FAILURE)
Tasks: 1 (limit: 4608)
Memory: 50.0M
CGroup: /system.slice/system-tor.slice/tor@default.service
└─886 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor

Jan 02 05:46:53 host systemd[1]: tor@default.service: Killing process 886 (tor) with signal SIGKILL.
Jan 02 05:46:53 host systemd[1]: tor@default.service: Failed to kill control group /system.slice/sys
Jan 02 05:46:53 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.
Jan 02 05:46:53 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Jan 02 05:46:53 host systemd[1]: tor@default.service: Service RestartSec=100ms expired, scheduling r
Jan 02 05:46:53 host systemd[1]: tor@default.service: Scheduled restart job, restart counter is at 5
Jan 02 05:46:53 host systemd[1]: Stopped Anonymizing overlay network for TCP.
Jan 02 05:46:53 host systemd[1]: tor@default.service: Start request repeated too quickly.
Jan 02 05:46:53 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.
lines 1-23

Running sudo apparmor-info shows all Alloweds and no Denieds

Booting into Whonix-Workstation with apparmor-profile-everything breaks apparmor.service, haveged.service, kloak.service, and whonix-firewall.service. All Alloweds showing with apparmor-info and no Denieds.

sudo systemctl status haveged
● haveged.service - Entropy daemon using the HAVEGE algorithm
Loaded: loaded (/lib/systemd/system/haveged.service; enabled; vendor preset:
Drop-In: /lib/systemd/system/haveged.service.d
└─30_apparmor_profile_everything.conf
Active: failed (Result: exit-code) since Sat 2021-01-02 05:56:16 UTC; 3s ago
Docs: man:haveged(8)
haveged - a simple entropy daemon
Process: 2972 ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARG
Main PID: 2972 (code=exited, status=225/NETWORK)

Jan 02 05:56:16 host systemd[1]: Started Entropy daemon using the HAVEGE algorit
Jan 02 05:56:16 host systemd[1]: haveged.service: Main process exited, code=exit
Jan 02 05:56:16 host systemd[1]: haveged.service: Failed with result ‘exit-code’
lines 1-13/13 (END)

sudo systemctl restart kloak
user@host:~$ sudo systemctl status kloak
● kloak.service - kloak anti keystroke deanonymization tool
Loaded: loaded (/lib/systemd/system/kloak.service; enabled; vendor preset: en
Active: failed (Result: exit-code) since Sat 2021-01-02 05:56:57 UTC; 3s ago
Docs: GitHub - vmonaco/kloak: Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
Process: 3016 ExecStart=/usr/sbin/kloak (code=exited, status=225/NETWORK)
Main PID: 3016 (code=exited, status=225/NETWORK)

Jan 02 05:56:57 host systemd[1]: kloak.service: Main process exited, code=exited
Jan 02 05:56:57 host systemd[1]: kloak.service: Failed with result ‘exit-code’.
Jan 02 05:56:57 host systemd[1]: kloak.service: Service RestartSec=100ms expired
Jan 02 05:56:57 host systemd[1]: kloak.service: Scheduled restart job, restart c
Jan 02 05:56:57 host systemd[1]: Stopped kloak anti keystroke deanonymization to
Jan 02 05:56:57 host systemd[1]: kloak.service: Start request repeated too quick
Jan 02 05:56:57 host systemd[1]: kloak.service: Failed with result ‘exit-code’.
Jan 02 05:56:57 host systemd[1]: Failed to start kloak anti keystroke deanonymiz
lines 1-15/15 (END)

sudo systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset:
Drop-In: /lib/systemd/system/apparmor.service.d
└─30_live_mode.conf
Active: failed (Result: exit-code) since Sat 2021-01-02 05:57:42 UTC; 15s ago
Docs: man:apparmor(7)
Home · Wiki · AppArmor / apparmor · GitLab
Process: 3071 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, st
Main PID: 3071 (code=exited, status=1/FAILURE)

Jan 02 05:57:41 host systemd[1]: Starting Load AppArmor profiles…
Jan 02 05:57:42 host systemd[1]: apparmor.service: Main process exited, code=exi
Jan 02 05:57:44 host apparmor.systemd[3071]: Restarting AppArmor
Jan 02 05:57:44 host apparmor.systemd[3071]: Reloading AppArmor profiles
Jan 02 05:57:42 host systemd[1]: apparmor.service: Failed with result 'exit-code
Jan 02 05:57:44 host apparmor.systemd[3071]: Found reference to variable dev_tty
Jan 02 05:57:42 host systemd[1]: Failed to start Load AppArmor profiles.
Jan 02 05:57:44 host apparmor.systemd[3071]: Found reference to variable dev_tty
Jan 02 05:57:44 host apparmor.systemd[3071]: Error: At least one profile failed

This is using the latest apparmor-profile-everything from the Dev repo for Kicksecure, Whonix-Gateway and Whonix-Workstation.

And within Whonix-Gateway running apparmor-info, I receive these denieds which kills TOR. How may I apply this properly to the profiles?

sudo apparmor-info
[sudo] password for user:
AVC apparmor=“DENIED” operation=“signal” profile=“system_tor” comm=“systemd” requested_mask=“receive” denied_mask=“receive” signal=int peer=“init-systemd”
AVC apparmor=“DENIED” operation=“signal” profile=“system_tor” comm=“systemd” requested_mask=“receive” denied_mask=“receive” signal=kill peer=“init-systemd”

11024×768 190 KB

21024×768 192 KB

31024×768 197 KB

Gateway

Also, I find this interesting. I updated sdwdate just now in Kicksecure while still having the loop issue with sdwdate in which it never connects and completes its task unless do sudo sdwdate.

If I sdwdate in terminal, I get this:

sdwdate
2021-01-06 01:55:59 - sdwdate - INFO - sdwdate started. PID: 6979
2021-01-06 01:55:59 - sdwdate - INFO - create temp_dir: /tmp/tmp.P7Mx7U20tW
2021-01-06 01:55:59 - sdwdate - INFO - Tor socks host: 127.0.0.1 Tor socks port: 9050
2021-01-06 01:55:59 - sdwdate - INFO - Running sdwdate main loop. iteration: 1 / 10000
2021-01-06 01:55:59 - sdwdate - INFO - Prerequisite check: The clock is sane.
Within build timestamp Sat 12 Dec 2020 05:44:06 AM UTC and expiration timestamp Tue 17 May 2033 10:00:00 AM UTC.
Clock within consensus parameters consensus/valid-after 2021-01-06 01:00:00 and consensus/valid-until 2021-01-06 04:00:00.
2021-01-06 01:55:59 - sdwdate - INFO - Prerequisite check: Tor fully bootstrapped.
2021-01-06 01:55:59 - sdwdate - INFO - Start fetching remote times.
Unexpected error: <class ‘PermissionError’>
2021-01-06 01:55:59 - sdwdate - INFO - Time fetching in progress…
2021-01-06 01:55:59 - sdwdate - INFO - Running sdwdate fetch loop. iteration: 1
2021-01-06 01:55:59 - sdwdate - INFO - Requested urls [‘gmg7jl25ony5g7ws.onion’, ‘ltcpool5brio2gaj.onion’, ‘6zwctlqtpilbkl47.onion’]
2021-01-06 01:56:01 - sdwdate - INFO - Returned urls “[‘gmg7jl25ony5g7ws.onion’, ‘ltcpool5brio2gaj.onion’, ‘6zwctlqtpilbkl47.onion’]”
2021-01-06 01:56:01 - sdwdate - INFO - remote 0: gmg7jl25ony5g7ws.onion
2021-01-06 01:56:01 - sdwdate - INFO - * comment: Gizmodo Media Group https://specialprojectsdesk.com/secure-drop https://web.archive.org/web/20201206054439/https://specialprojectsdesk.com/secure-drop
2021-01-06 01:56:01 - sdwdate - INFO - * remote_unixtime: 1609898173
2021-01-06 01:56:01 - sdwdate - INFO - * consensus/valid-after: 2021-01-06 01:00:00
2021-01-06 01:56:01 - sdwdate - INFO - * remote_time : 2021-01-06 01:56:13
2021-01-06 01:56:01 - sdwdate - INFO - * consensus/valid-until: 2021-01-06 04:00:00
2021-01-06 01:56:01 - sdwdate - INFO - * time_diff: 12 second(s)
2021-01-06 01:56:01 - sdwdate - INFO - * timesanitycheck: sane
2021-01-06 01:56:01 - sdwdate - INFO - * time_consensus_sanity_check: sane
2021-01-06 01:56:01 - sdwdate - INFO - * remote_status: True
2021-01-06 01:56:01 - sdwdate - INFO - remote 1: ltcpool5brio2gaj.onion
2021-01-06 01:56:01 - sdwdate - INFO - * comment: Help/FAQ | litecoinpool.org https://web.archive.org/web/20161114095946/https://www.litecoinpool.org/help
2021-01-06 01:56:01 - sdwdate - INFO - * remote_unixtime: 1609898172
2021-01-06 01:56:01 - sdwdate - INFO - * consensus/valid-after: 2021-01-06 01:00:00
2021-01-06 01:56:01 - sdwdate - INFO - * remote_time : 2021-01-06 01:56:12
2021-01-06 01:56:01 - sdwdate - INFO - * consensus/valid-until: 2021-01-06 04:00:00
2021-01-06 01:56:01 - sdwdate - INFO - * time_diff: 11 second(s)
2021-01-06 01:56:01 - sdwdate - INFO - * timesanitycheck: sane
2021-01-06 01:56:01 - sdwdate - INFO - * time_consensus_sanity_check: sane
2021-01-06 01:56:01 - sdwdate - INFO - * remote_status: True
2021-01-06 01:56:01 - sdwdate - INFO - remote 2: 6zwctlqtpilbkl47.onion
2021-01-06 01:56:01 - sdwdate - INFO - * comment: Piratenpartij - Piratenpartij https://web.archive.org/web/20170315154213/https://piratenpartij.nl/contact/
2021-01-06 01:56:01 - sdwdate - INFO - * remote_unixtime: 1609898173
2021-01-06 01:56:01 - sdwdate - INFO - * consensus/valid-after: 2021-01-06 01:00:00
2021-01-06 01:56:01 - sdwdate - INFO - * remote_time : 2021-01-06 01:56:13
2021-01-06 01:56:01 - sdwdate - INFO - * consensus/valid-until: 2021-01-06 04:00:00
2021-01-06 01:56:01 - sdwdate - INFO - * time_diff: 12 second(s)
2021-01-06 01:56:01 - sdwdate - INFO - * timesanitycheck: sane
2021-01-06 01:56:01 - sdwdate - INFO - * time_consensus_sanity_check: sane
2021-01-06 01:56:01 - sdwdate - INFO - * remote_status: True
2021-01-06 01:56:01 - sdwdate - INFO - Pool 1: gmg7jl25ony5g7ws.onion, web unixtime: 1609898173, web time: Wed Jan 06 01:56:13 UTC 2021, diff: 12 seconds
2021-01-06 01:56:01 - sdwdate - INFO - Pool 2: ltcpool5brio2gaj.onion, web unixtime: 1609898172, web time: Wed Jan 06 01:56:12 UTC 2021, diff: 11 seconds
2021-01-06 01:56:01 - sdwdate - INFO - Pool 3: 6zwctlqtpilbkl47.onion, web unixtime: 1609898173, web time: Wed Jan 06 01:56:13 UTC 2021, diff: 12 seconds
2021-01-06 01:56:01 - sdwdate - INFO - End fetching remote times.
2021-01-06 01:56:01 - sdwdate - INFO - Pool differences, sorted: [11, 12, 12]
2021-01-06 01:56:01 - sdwdate - INFO - Median time difference: +12.000000000
2021-01-06 01:56:01 - sdwdate - INFO - randomize : +0.792354561
2021-01-06 01:56:01 - sdwdate - INFO - New time difference : +12.792354561
2021-01-06 01:56:01 - sdwdate - INFO - Gradually adjusting the time by running sclockadj using command: /usr/lib/sdwdate/sclockadj “12792354561”
2021-01-06 01:56:01 - sdwdate - INFO - Launched sclockadj into the background. PID: 7022
Traceback (most recent call last):
File “/usr/bin/sdwdate”, line 637, in
f = open(sdwdate.status_success_path, ‘w’)
PermissionError: [Errno 13] Permission denied: ‘/run/sdwdate/success’
user@os:~$ Failed to change clock!: Operation not permitted

sudo apparmor-info
AVC apparmor=“DENIED” operation=“file_receive” profile=“dbus-daemon” name=“/run/systemd/inhibit/6.ref” comm=“dbus-daemon” requested_mask=“w” denied_mask=“w”
AVC apparmor=“DENIED” operation=“open” profile=“/**/*-browser/Browser/firefox” name=“/proc/4858/cgroup” comm=“firefox.real” requested_mask=“r” denied_mask=“r”
AVC apparmor=“ALLOWED” operation=“capable” profile=“/usr/bin/sdwdate” comm=“te_pe_tb_check” capability=2 capname=“dac_read_search”
AVC apparmor=“ALLOWED” operation=“capable” info=“optional: no audit” error=-1 profile=“/usr/bin/sdwdate” comm=“tor_circuit_est” capability=27 capname=“mknod”
AVC apparmor=“ALLOWED” operation=“capable” profile=“/usr/bin/sdwdate” comm=“tor_circuit_est” capability=1 capname=“dac_override”
AVC apparmor=“ALLOWED” operation=“capable” info=“optional: no audit” error=-1 profile=“/usr/bin/sdwdate” comm=“tor_consensus_v” capability=27 capname=“mknod”
AVC apparmor=“ALLOWED” operation=“capable” profile=“/usr/bin/sdwdate” comm=“tor_consensus_v” capability=1 capname=“dac_override”
AVC apparmor=“ALLOWED” operation=“capable” profile=“/usr/bin/sdwdate” comm=“tor_consensus_v” capability=2 capname=“dac_read_search”
AVC apparmor=“ALLOWED” operation=“capable” profile=“/usr/bin/sdwdate” comm=“sdwdate” capability=1 capname=“dac_override”
AVC apparmor=“ALLOWED” operation=“capable” profile=“/usr/bin/sdwdate” comm=“sdwdate” capability=2 capname=“dac_read_search”
AVC apparmor=“ALLOWED” operation=“open” profile=“/usr/bin/sdwdate” name=“/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Tor/control_auth_cookie” comm=“tor_circuit_est” requested_mask=“r” denied_mask=“r”
AVC apparmor=“ALLOWED” operation=“open” profile=“/usr/bin/sdwdate” name=“/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Tor/control_auth_cookie” comm=“tor_consensus_v” requested_mask=“r” denied_mask=“r”
AVC apparmor=“ALLOWED” operation=“open” profile=“/usr/bin/sdwdate” name=“/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Tor/control_auth_cookie” comm=“sdwdate” requested_mask=“r” denied_mask=“r”

I’m assuming Allowed shows rules already applied to their particular profiles but there is a denied_mask. Would this be responsible for sdwdate not starting up properly?

I guess lsblk is able to read filesystem UUIDs, so it might break being anonymous, or at least being re-identifyable. So it’s the danger of being recognized, maybe.

See:

sudobash via Whonix Forum:

If I sdwdate in terminal, I get this:

sdwdate

Not designed to be run from command line. It’s supposed to be run under
user sdwdate. In actual production additional restrictions apply. It’s
run by sdwdate systemd unit which adds systemd hardening which can be a
further cause for issues.

Running sdwdate as root could mess up permissions in folder /run/sdwdate
(adding files owned by root) which would then disrupt sdwdate started by
systemd under user sdwdate.

I am not sure how sdwdate should act if start from command line. For
sure, shouldn’t run as root. But as user other than sdwdate it doesn’t
have permission to change the time anyhow.

I don’t know.

Those tools aren’t great. They often break and can’t really handle anything other than file permissions like dbus rules.

–

@sudobash it seems like you’re mixing things weirdly and causing errors that wouldn’t occur normally. Do you get any errors when running the OS as it is expected to without any custom modifications?

Also, please use markdown formatting to enclose logs / commands by using 3 backticks:

```
user@host:~$ echo “test!”
test!
user@host:~$
```

I escaped the backticks above for demonstration purposes but if I hadn’t, it would look like:

user@host:~$ echo "test!"
test!
user@host:~$

It makes it much more readable and separates sentences from logs better. You can also use single backticks to enclose small strings in a sentence:

Like `this`, for example.

Without the escape:

Like this, for example.

sdwdate with apparmor-profile-everything installed from the dev repo as of right now displays this using apparmor-info command:

sudo apparmor-info
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/etc/ssl/openssl.cnf" comm="url_to_unixtime" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/etc/ssl/certs/ca-certificates.crt" comm="url_to_unixtime" requested_mask="r" denied_mask="r"

With this info, I added to sudo mousepad ‘/etc/apparmor.d/usr.bin.sdwdate’:

/etc/ssl/openssl.cnf r,
/etc/ssl/certs/ca-certificates.crt r,

Now on reboot, running apparmor-info I get this:

AVC apparmor="ALLOWED" operation="ptrace" profile="/usr/bin/sdwdate" comm="ps" requested_mask="read" denied_mask="read" peer="init-systemd"
AVC apparmor="ALLOWED" operation="ptrace" profile="/usr/bin/sdwdate" comm="ps" requested_mask="read" denied_mask="read" peer="unconfined"
AVC apparmor="ALLOWED" operation="ptrace" profile="/usr/bin/sdwdate" comm="ps" requested_mask="read" denied_mask="read" peer="dbus-daemon"
AVC apparmor="ALLOWED" operation="mknod" profile="/usr/bin/sdwdate" name="/home/user/status" comm="sdwdate" requested_mask="c" denied_mask="c"
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/home/user/status" comm="sdwdate" requested_mask="wc" denied_mask="wc"
AVC apparmor="ALLOWED" operation="mknod" profile="/usr/bin/sdwdate" name="/home/user/msg" comm="sdwdate" requested_mask="c" denied_mask="c"
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/home/user/msg" comm="sdwdate" requested_mask="wc" denied_mask="wc"

I’ll add these to the sdwdate profile and report later. sdwdate date is still looping on startup with apparmor-profile-everything installed for me. sdwdate running without sudo:

sdwdate
2021-01-11 17:39:16 - sdwdate - INFO - sdwdate started. PID: 4181
sdwdate_status_files_folder: /home/user
2021-01-11 17:39:16 - sdwdate - INFO - Tor socks host: 127.0.0.1 Tor socks port: 9050
2021-01-11 17:39:16 - sdwdate - INFO - Running sdwdate main loop. iteration: 1 / 10000
sdwdate_status_files_folder: /home/user
2021-01-11 17:39:17 - sdwdate - INFO - PREPARATION:
2021-01-11 17:39:17 - sdwdate - INFO - /usr/lib/helper-scripts/onion-time-pre-script: Start.
Static Time Sanity Check: The clock is sane.
Within build timestamp Sat 12 Dec 2020 05:44:06 AM UTC and expiration timestamp Tue 17 May 2033 10:00:00 AM UTC.
Tor Consensus Time Sanity Check: Clock within consensus parameters consensus/valid-after 2021-01-11 17:00:00 and consensus/valid-until 2021-01-11 20:00:00.
Tor fully bootstrapped.
/usr/lib/helper-scripts/onion-time-pre-script: END: Exiting with code_code '0' indicating 'success'.
2021-01-11 17:39:17 - sdwdate - INFO - PREPARATION RESULT: SUCCESS.
2021-01-11 17:39:17 - sdwdate - INFO - 

sdwdate_status_files_folder: /home/user
2021-01-11 17:39:17 - sdwdate - INFO - Start fetching remote times.
2021-01-11 17:39:17 - sdwdate - INFO - restricted_msg: Initial time fetching in progress...
2021-01-11 17:39:17 - sdwdate - INFO - Initial time fetching in progress...
2021-01-11 17:39:17 - sdwdate - INFO - Running sdwdate fetch loop. iteration: 1
2021-01-11 17:39:17 - sdwdate - INFO - requested urls ['http://arujlhu2zjjhc3bw.onion', 'http://nxhhwbbxc4khvvlw.onion', 'http://mjrkrqnlf26etelsi7zpkqc3dzlrzyurvmd3jksmndarzzbugz5xctid.onion']
2021-01-11 17:39:29 - sdwdate - INFO - returned urls "['http://arujlhu2zjjhc3bw.onion', 'http://nxhhwbbxc4khvvlw.onion', 'http://mjrkrqnlf26etelsi7zpkqc3dzlrzyurvmd3jksmndarzzbugz5xctid.onion']"
2021-01-11 17:39:29 - sdwdate - INFO - remote 0: http://arujlhu2zjjhc3bw.onion
2021-01-11 17:39:29 - sdwdate - INFO - * comment: https://web.archive.org/web/20210111091808/https://securedrop.org/directory/public-intelligence/	https://web.archive.org/web/20210111091811/https://publicintelligence.net/contribute/
2021-01-11 17:39:29 - sdwdate - INFO - * remote_unixtime: 1610411615
2021-01-11 17:39:29 - sdwdate - INFO - * consensus/valid-after: 2021-01-11 17:00:00
2021-01-11 17:39:29 - sdwdate - INFO - * remote_time          : 2021-01-12 00:33:35
2021-01-11 17:39:29 - sdwdate - INFO - * consensus/valid-until: 2021-01-11 20:00:00
2021-01-11 17:39:29 - sdwdate - INFO - * time_diff: 24846 second(s)
2021-01-11 17:39:29 - sdwdate - INFO - * Static Time Sanity Check: sane
2021-01-11 17:39:29 - sdwdate - INFO - * Tor Consensus Time Sanity Check: fast
2021-01-11 17:39:29 - sdwdate - INFO - * remote_status: False
2021-01-11 17:39:29 - sdwdate - INFO - remote 1: http://nxhhwbbxc4khvvlw.onion
2021-01-11 17:39:29 - sdwdate - INFO - * comment: https://searx.gotrust.de	https://web.archive.org/web/20170519171857/https://github.com/asciimoo/searx/wiki/Searx-instances
2021-01-11 17:39:29 - sdwdate - INFO - * remote_unixtime: 1610412195
2021-01-11 17:39:29 - sdwdate - INFO - * consensus/valid-after: 2021-01-11 17:00:00
2021-01-11 17:39:29 - sdwdate - INFO - * remote_time          : 2021-01-12 00:43:15
2021-01-11 17:39:29 - sdwdate - INFO - * consensus/valid-until: 2021-01-11 20:00:00
2021-01-11 17:39:29 - sdwdate - INFO - * time_diff: 25426 second(s)
2021-01-11 17:39:29 - sdwdate - INFO - * Static Time Sanity Check: sane
2021-01-11 17:39:29 - sdwdate - INFO - * Tor Consensus Time Sanity Check: fast
2021-01-11 17:39:29 - sdwdate - INFO - * remote_status: False
2021-01-11 17:39:29 - sdwdate - INFO - remote 2: http://mjrkrqnlf26etelsi7zpkqc3dzlrzyurvmd3jksmndarzzbugz5xctid.onion
2021-01-11 17:39:29 - sdwdate - INFO - * comment: https://pad.systemli.org	https://www.systemli.org/en/service/etherpad.html	https://web.archive.org/web/20191025120405/https://www.systemli.org/en/service/etherpad.html
2021-01-11 17:39:29 - sdwdate - INFO - * status: False
2021-01-11 17:39:29 - sdwdate - INFO - * value: b"connect error: SOCKSHTTPConnectionPool(host='mjrkrqnlf26etelsi7zpkqc3dzlrzyurvmd3jksmndarzzbugz5xctid.onion', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.contrib.socks.SOCKSConnection object at 0x5f10e5057240>: Failed to establish a new connection: 0x04: Host unreachable'))"
2021-01-11 17:39:29 - sdwdate - INFO - Running sdwdate fetch loop. iteration: 2
2021-01-11 17:39:29 - sdwdate - INFO - requested urls ['http://vnchbkzryteygshp53p6zfya7jyrzaugjzmfwtejh4acnaxnm47t2nad.onion', 'http://3kyl4i7bfdgwelmf.onion', 'http://tinhat233xymse34.onion']
2021-01-11 17:39:39 - sdwdate - INFO - returned urls "['http://vnchbkzryteygshp53p6zfya7jyrzaugjzmfwtejh4acnaxnm47t2nad.onion', 'http://3kyl4i7bfdgwelmf.onion', 'http://tinhat233xymse34.onion']"
2021-01-11 17:39:39 - sdwdate - INFO - remote 0: http://vnchbkzryteygshp53p6zfya7jyrzaugjzmfwtejh4acnaxnm47t2nad.onion

Just loops, ran apparmor-info:

AVC apparmor="ALLOWED" operation="ptrace" profile="/usr/bin/sdwdate" comm="ps" requested_mask="read" denied_mask="read" peer="init-systemd"
AVC apparmor="ALLOWED" operation="ptrace" profile="/usr/bin/sdwdate" comm="ps" requested_mask="read" denied_mask="read" peer="unconfined"
AVC apparmor="ALLOWED" operation="ptrace" profile="/usr/bin/sdwdate" comm="ps" requested_mask="read" denied_mask="read" peer="dbus-daemon"
AVC apparmor="ALLOWED" operation="mknod" profile="/usr/bin/sdwdate" name="/home/user/status" comm="sdwdate" requested_mask="c" denied_mask="c"
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/home/user/status" comm="sdwdate" requested_mask="wc" denied_mask="wc"
AVC apparmor="ALLOWED" operation="mknod" profile="/usr/bin/sdwdate" name="/home/user/msg" comm="sdwdate" requested_mask="c" denied_mask="c"
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/home/user/msg" comm="sdwdate" requested_mask="wc" denied_mask="wc"
AVC apparmor="ALLOWED" operation="truncate" profile="/usr/bin/sdwdate" name="/home/user/status" comm="sdwdate" requested_mask="w" denied_mask="w"
AVC apparmor="ALLOWED" operation="truncate" profile="/usr/bin/sdwdate" name="/home/user/msg" comm="sdwdate" requested_mask="w" denied_mask="w"

Added to sdwdate apparmor profile:

ptrace read,
/home/user/status rw,
/home/user/msg rw,

Reboot and ran apparmor-info:

AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Tor/control_auth_cookie" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Tor/control_auth_cookie" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Tor/control_auth_cookie" comm="tor_consensus_v" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/sdwdate" name="/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Tor/control_auth_cookie" comm="sdwdate" requested_mask="r" denied_mask="r"

Added to sdwdate apparmor profile:

/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Tor/control_auth_cookie r,

Reboot

sdwdate just loops. Curious what apparmor-info whould show now:

sudo apparmor-info
[sudo] password for user:                
AVC apparmor="DENIED" operation="open" profile="/**/*-browser/Browser/firefox" name="/proc/2284/cgroup" comm="firefox.real" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get" name="/etc/nsswitch.conf" comm="anondate-get" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get" name="/etc/passwd" comm="anondate-get" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get" name="/etc/nsswitch.conf" comm="whoami" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get" name="/etc/passwd" comm="whoami" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="exec" profile="/usr/sbin/anondate-get" name="/usr/bin/timeout" comm="anondate-get" requested_mask="x" denied_mask="x"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/bin/timeout" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/ld-2.28.so" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/etc/ld.so.preload" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so" comm="timeout" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/etc/ld.so.cache" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/librt-2.28.so" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/librt-2.28.so" comm="timeout" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libpthread-2.28.so" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libpthread-2.28.so" comm="timeout" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" comm="timeout" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25" comm="timeout" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libgcc_s.so.1" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libgcc_s.so.1" comm="timeout" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libm-2.28.so" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/x86_64-linux-gnu/libm-2.28.so" comm="timeout" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/locale/locale-archive" comm="timeout" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="exec" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/helper-scripts/tor_bootstrap_check.py" comm="timeout" requested_mask="x" denied_mask="x"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/bin/python3.7" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/ld-2.28.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/etc/ld.so.preload" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/etc/ld.so.cache" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libcrypt-2.28.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libcrypt-2.28.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libpthread-2.28.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libpthread-2.28.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libdl-2.28.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libdl-2.28.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libutil-2.28.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libutil-2.28.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libexpat.so.1.6.8" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libexpat.so.1.6.8" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libz.so.1.2.11" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libz.so.1.2.11" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libm-2.28.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libm-2.28.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libgcc_s.so.1" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libgcc_s.so.1" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/locale/locale-archive" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/encodings/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/codecs.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/encodings/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/encodings/__pycache__/aliases.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/encodings/__pycache__/utf_8.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/encodings/__pycache__/latin_1.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/io.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/abc.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/_bootlocale.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/site.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/os.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/stat.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/posixpath.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/genericpath.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/_collections_abc.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/_sitebuiltins.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/local/lib/python3.7/dist-packages/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/sitecustomize.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/helper-scripts/tor_bootstrap_check.py" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/helper-scripts/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/datetime.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/share/zoneinfo/UCT" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/__pycache__/prereq.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/functools.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/collections/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/operator.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/keyword.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/heapq.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/reprlib.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/inspect.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/dis.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/types.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/opcode.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_opcode.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_opcode.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/collections/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/collections/__pycache__/abc.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/enum.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/importlib/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/warnings.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/importlib/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/importlib/__pycache__/machinery.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/linecache.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/tokenize.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/re.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/sre_compile.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/sre_parse.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/sre_constants.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/copyreg.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/token.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/platform.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/subprocess.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/signal.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/selectors.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/threading.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/traceback.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/_weakrefset.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/enum.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/str_tools.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/connection.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/hashlib.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_hashlib.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_hashlib.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libssl.so.1.1" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libssl.so.1.1" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/hmac.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"

Continued apparmor-info list:

AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/proc.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/base64.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/struct.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/socket.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/log.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/logging/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/weakref.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/string.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/system.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/ctypes/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_ctypes.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_ctypes.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libffi.so.6.0.4" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libffi.so.6.0.4" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/ctypes/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/ctypes/__pycache__/_endian.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/proc/1461/status" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/proc/1461/mounts" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/ctypes/__pycache__/util.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/shutil.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/fnmatch.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/bz2.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/_compression.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_bz2.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_bz2.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/lzma.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_lzma.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_lzma.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/liblzma.so.5.2.4" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/x86_64-linux-gnu/liblzma.so.5.2.4" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/tempfile.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/random.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/bisect.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/mimetypes.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/urllib/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/urllib/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/urllib/__pycache__/parse.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/multiprocessing/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/multiprocessing/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/multiprocessing/__pycache__/context.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/multiprocessing/__pycache__/process.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/multiprocessing/__pycache__/reduction.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/pickle.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/_compat_pickle.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/tarfile.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/copy.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/conf.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/__pycache__/connection.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/getpass.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/contextlib.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/termios.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/termios.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/__pycache__/control.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/calendar.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/locale.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/queue.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_queue.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_queue.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/server_descriptor.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/certificate.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/extrainfo_descriptor.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/__pycache__/exit_policy.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/__future__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/util/__pycache__/tor_tools.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/__pycache__/version.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/router_status_entry.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/networkstatus.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/microdescriptor.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/tordnsel.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/hidden_service_descriptor.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/descriptor/__pycache__/reader.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/__pycache__/__init__.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/__pycache__/socket.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/__pycache__/ssl.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_ssl.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3.7/lib-dynload/_ssl.cpython-37m-x86_64-linux-gnu.so" comm="tor_bootstrap_c" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/__pycache__/events.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/__pycache__/add_onion.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/__pycache__/authchallenge.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/__pycache__/getinfo.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/__pycache__/getconf.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/__pycache__/mapaddress.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/usr/lib/python3/dist-packages/stem/response/__pycache__/protocolinfo.cpython-37.pyc" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_bootstrap_check.py" name="/run/tor/control.authcookie" comm="tor_bootstrap_c" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="exec" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout" name="/usr/lib/helper-scripts/tor_circuit_established_check.py" comm="timeout" requested_mask="x" denied_mask="x"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/bin/python3.7" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/ld-2.28.so" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/etc/ld.so.preload" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/etc/ld.so.cache" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libcrypt-2.28.so" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libcrypt-2.28.so" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libpthread-2.28.so" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libpthread-2.28.so" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libdl-2.28.so" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libdl-2.28.so" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libutil-2.28.so" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libutil-2.28.so" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libexpat.so.1.6.8" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libexpat.so.1.6.8" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libz.so.1.2.11" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libz.so.1.2.11" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libm-2.28.so" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libm-2.28.so" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libc-2.28.so" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libgcc_s.so.1" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="file_mmap" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/libgcc_s.so.1" comm="tor_circuit_est" requested_mask="rm" denied_mask="rm"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/locale/locale-archive" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/encodings/__pycache__/__init__.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/__pycache__/codecs.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/encodings/" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/encodings/__pycache__/aliases.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/encodings/__pycache__/utf_8.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/encodings/__pycache__/latin_1.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/__pycache__/io.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/__pycache__/abc.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/__pycache__/_bootlocale.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/__pycache__/site.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/__pycache__/os.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"
AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/anondate-get//null-/usr/bin/timeout//null-/usr/lib/helper-scripts/tor_circuit_established_check.py" name="/usr/lib/python3.7/__pycache__/stat.cpython-37.pyc" comm="tor_circuit_est" requested_mask="r" denied_mask="r"

The list goes on and on.

Unless you’re a developer and can send pull requests to fix these issues or specifically instructed to temporarily use the developers repository (I don’t think we ever did that yet), please do not use that repository.

I am aware of these issues. These changes aren’t ready yet for testers (the testers repository).
After these changes are ready however these might not immediately compatible with apparmor-profile-everything.

Not too bad but weird. Shouldn’t be done that way. Also since Tor as part of Tor Browser does not run inside Whonix-Workstation that will do effectivly nothing.

Again, sdwdate is not meant to be run from the command line.

Please don’t deviate from the standard configuration. It will just cause confusion.

Hello! Decided to try this out on the latest testing version and after installing that and restarting Whonix, I get this error message when trying to update. Any ideas are welcome. Total noobie when it comes to finding logs and stuff, but I’ll dig in for it in an hour or so.

Edit: It also seems to have broken guest additions for me.

user@host:~$ upgrade-nonroot
Reading package lists…
W: chown to _apt:root of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (13: Permission denied)
W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (13: Permission denied)
W: chown to _apt:root of directory /var/lib/apt/lists/auxfiles failed - SetupAPTPartialDirectory (13: Permission denied)
W: chmod 0700 of directory /var/lib/apt/lists/auxfiles failed - SetupAPTPartialDirectory (13: Permission denied)
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)

Link to a systemd log:
https://p.teknik.io/SvSa8

Coming back to apparmor-profile-everything today from my post in Jan, sdwdate is still broken and xorg has a new DENIED that disables me from entering the OS:

AVC apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/vendor” comm=“Xorg” requested_mask=“r” denied_mask=“r”
AVC apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/config” comm=“Xorg” requested_mask=“r” denied_mask=“r”
AVC apparmor=“DENIED” operation=“open” profile=“init-systemd” name=“/sys/power/state” comm=“systemd-logind” requested_mask=“r” denied_mask=“r”

I have this added within my Xorg profile:

/sys/devices/pci[0-9]/{,drm/} r,
/sys/devices/pci[0-9]/sound/card[0-9]*/id r,

What needs to be added and has the sdwdate issue been solved, does sdwdate work with the stable version of apparmor-profile-everything? I donated about 2000 in bitcoin to your project around Jan when I was trying to get this to work and it seems like this particular project is dead?

If you like to donate for a specific feature… If can proof the donation [1], I can forward it to @madaidan.

[1] By signing a message from the sending BTC address. (To save you some effort, this can wait until/if @madaidan gets back and agrees, thinks that is welcome/would be helpful or …)

I don’t have the donation signature as I wish to remain anon.

This is my dmesg output:

[ 28.083777] audit: type=1400 audit(1621973175.441:84): apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/vendor” pid=972 comm=“Xorg” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.084029] audit: type=1400 audit(1621973175.441:85): apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/config” pid=972 comm=“Xorg” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.088635] audit: type=1400 audit(1621973175.445:86): apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/vendor” pid=972 comm=“Xorg” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.089072] audit: type=1400 audit(1621973175.445:87): apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/config” pid=972 comm=“Xorg” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.539758] audit: type=1400 audit(1621973175.897:88): apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/vendor” pid=995 comm=“Xorg” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.539767] audit: type=1400 audit(1621973175.897:89): apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/config” pid=995 comm=“Xorg” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.544571] audit: type=1400 audit(1621973175.901:90): apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/vendor” pid=995 comm=“Xorg” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.544580] audit: type=1400 audit(1621973175.901:91): apparmor=“DENIED” operation=“open” profile=“Xorg” name=“/sys/devices/pci0000:00/0000:00:02.0/0000:03:00.0/config” pid=995 comm=“Xorg” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.758401] audit: type=1400 audit(1621973176.113:92): apparmor=“DENIED” operation=“open” profile=“init-systemd” name=“/sys/power/state” pid=766 comm=“systemd-logind” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
[ 28.761266] audit: type=1400 audit(1621973176.117:93): apparmor=“DENIED” operation=“open” profile=“init-systemd” name=“/sys/power/state” pid=766 comm=“systemd-logind” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0

I noticed in the stable release of apparmor-profile-everything that you have this in Xorg profile:

@{sys}/devices/**/{uevent,name} r,
@{sys_pci}/{device,revision,subsystem_device,subsystem_vendor,class,vendor,boot_vga,config,resource,drm/,sound/card[0-9]*/id} r,

I’m thinking a term has not been added to cater to this denied. This is from a new Kicksecure installation that I just performed and installed apparmor-profile-everything today.

The video card in question is an AMD card.

rapt must be used.

With the information on the donation already posted [1] it might be possible to figure out which transaction was yours anyhow. Seems quite doable to me. Assuming that, signing a message from that BTC address wouldn’t leak any additional information.

[1] You might want do delete that if you don’t want that public correlated to this account.

Since development stalled… Getting too time consuming, complex, daunting? I got an idea to simplify things.

The Whonix firewall AppArmor profile still unfixed. Do we really need a “real” AppArmor profile for Whonix firewall? That script is trusted anyhow.

(Trusted because required. Not because wanted.)

It doesn’t have any relevant attack surface. It’s in a location that should be coneptually only writeable by superadmin.

Going a step back… Due to AAE, now most/all binaries need an AppArmor profile. Otherwise they inherit the default / “everyone’s” AppArmor profile. That is insufficient for Whonix firewall.

To simplify this case and perhaps other related cases, couldn’t we instead just have a passthrough AppArmor profile that permits everything?

And also timesanitycheck. Did we really need an AppArmor profile for timesanitycheck which conceptually has no attack surface? It’s in locations which conceptually should only be wirteable by superadmin. Therefore it could either have a passthorugh AppArmor profile or even be allowed to be run unconfined? That seems a lot simpler than inventing tailored AppArmor profiles for things which conceptually have no attack surface. Otherwise is it still realistic that this will ever reach production level quality?

This should be allowed: https://github.com/Whonix/apparmor-profile-everything/blob/master/etc/apparmor.d/usr.lib.xorg.Xorg#L57

Does the policy on your system have this line?

Those wouldn’t solve the denial errors you posted above.

It should work, provided one is using it in the expected configuration and not running it from the command line.

It’s not dead; I’ve just been busy with other stuff recently and haven’t had much time to focus on Whonix.

It would certainly be helpful. I don’t have a crypto wallet currently, but I’ve been meaning to set one up.

The purpose of the whonix-firewall, timesanitycheck and similar profiles are not really to confine those services, but so we can remove certain capabilities from the overall profile. For example, whonix-firewall is the only thing that needs the CAP_NET_ADMIN capability (for setting firewall rules) so if we run it in its own profile, we can exclude that from the init-systemd profile and only grant it in the whonix-firewall profile, thereby preventing even a privileged attacker on the gateway from bypassing the Tor enforcement. Likewise, only a few services need CAP_SYS_TIME (sdwdate and timesanitycheck) so by giving those their own profiles, we can exclude that from the main profile also.

That would add significant attack surface.