I see, I figured I would run Whonix-firewall in Kicksecure as host but I uninstalled Whonix-firewall within Kicksecure and will just go based on the settings Kicksecure has.
As for apparmor-profile-everything:
Apparmor-info in Kicksecure Host shows:
sudo apparmor-info
[sudo] password for user:
AVC apparmor=“DENIED” operation=“signal” profile=“dbus-daemon” comm=“systemd” requested_mask=“receive” denied_mask=“receive” signal=term peer=“init-systemd”
AVC apparmor=“DENIED” operation=“signal” profile=“dbus-daemon” comm=“systemd” requested_mask=“receive” denied_mask=“receive” signal=kill peer=“init-systemd”
AVC apparmor=“DENIED” operation=“signal” profile=“dbus-daemon” comm=“at-spi-bus-laun” requested_mask=“receive” denied_mask=“receive” signal=term peer=“init-systemd”
How do I add that to the profiles?
Booting Whonix-Gateway with apparmor-profile-everything:
Running systemctl, apparmor.service fails.
haveged.service fails, tor@default.service fails
sudo systemctl status apparmor.service
[sudo] password for user:
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset:
Drop-In: /lib/systemd/system/apparmor.service.d
└─30_live_mode.conf
Active: failed (Result: exit-code) since Sat 2021-01-02 05:42:19 UTC; 16s ago
Docs: man:apparmor(7)
Home · Wiki · AppArmor / apparmor · GitLab
Process: 3778 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, st
Main PID: 3778 (code=exited, status=1/FAILURE)
Jan 02 05:42:18 host systemd[1]: Starting Load AppArmor profiles…
Jan 02 05:42:19 host apparmor.systemd[3778]: Restarting AppArmor
Jan 02 05:42:19 host apparmor.systemd[3778]: Reloading AppArmor profiles
Jan 02 05:42:19 host systemd[1]: apparmor.service: Main process exited, code=exi
Jan 02 05:42:19 host apparmor.systemd[3778]: Found reference to variable dev_tty
Jan 02 05:42:19 host systemd[1]: apparmor.service: Failed with result 'exit-code
Jan 02 05:42:19 host apparmor.systemd[3778]: Found reference to variable dev_tty
Jan 02 05:42:19 host systemd[1]: Failed to start Load AppArmor profiles.
Jan 02 05:42:19 host apparmor.systemd[3778]: Error: At least one profile failed
lines 1-19/19 (END)
sudo systemctl restart haveged.service
user@host:~$ sudo systemctl status haveged.service
● haveged.service - Entropy daemon using the HAVEGE algorithm
Loaded: loaded (/lib/systemd/system/haveged.service; enabled; vendor preset:
Drop-In: /lib/systemd/system/haveged.service.d
└─30_apparmor_profile_everything.conf
Active: failed (Result: exit-code) since Sat 2021-01-02 05:44:22 UTC; 1s ago
Docs: man:haveged(8)
haveged - a simple entropy daemon
Process: 4833 ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARG
Main PID: 4833 (code=exited, status=225/NETWORK)
Jan 02 05:44:22 host systemd[1]: Started Entropy daemon using the HAVEGE algorit
Jan 02 05:44:22 host systemd[4833]: haveged.service: Failed to set up network na
Jan 02 05:44:22 host systemd[4833]: haveged.service: Failed at step NETWORK spaw
Jan 02 05:44:22 host systemd[1]: haveged.service: Main process exited, code=exit
Jan 02 05:44:22 host systemd[1]: haveged.service: Failed with result ‘exit-code’
lines 1-15/15 (END)
sudo systemctl restart tor@default.service
Job for tor@default.service failed because the control process exited with error code.
See “systemctl status tor@default.service” and “journalctl -xe” for details.
user@host:~$ sudo systemctl status tor@default.service
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; vendor preset: enabled)
Drop-In: /lib/systemd/system/tor@default.service.d
└─30_clean-torrc-d-on-reload.conf, 40_obfs4proxy-workaround.conf, 50_controlsocket-workar
Active: failed (Result: exit-code) since Sat 2021-01-02 05:46:53 UTC; 6s ago
Process: 5672 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (c
Process: 5673 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
Process: 5674 ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f
Main PID: 5674 (code=exited, status=1/FAILURE)
Tasks: 1 (limit: 4608)
Memory: 50.0M
CGroup: /system.slice/system-tor.slice/tor@default.service
└─886 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor
Jan 02 05:46:53 host systemd[1]: tor@default.service: Killing process 886 (tor) with signal SIGKILL.
Jan 02 05:46:53 host systemd[1]: tor@default.service: Failed to kill control group /system.slice/sys
Jan 02 05:46:53 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.
Jan 02 05:46:53 host systemd[1]: Failed to start Anonymizing overlay network for TCP.
Jan 02 05:46:53 host systemd[1]: tor@default.service: Service RestartSec=100ms expired, scheduling r
Jan 02 05:46:53 host systemd[1]: tor@default.service: Scheduled restart job, restart counter is at 5
Jan 02 05:46:53 host systemd[1]: Stopped Anonymizing overlay network for TCP.
Jan 02 05:46:53 host systemd[1]: tor@default.service: Start request repeated too quickly.
Jan 02 05:46:53 host systemd[1]: tor@default.service: Failed with result ‘exit-code’.
lines 1-23
Running sudo apparmor-info shows all Alloweds and no Denieds
Booting into Whonix-Workstation with apparmor-profile-everything breaks apparmor.service, haveged.service, kloak.service, and whonix-firewall.service. All Alloweds showing with apparmor-info and no Denieds.
sudo systemctl status haveged
● haveged.service - Entropy daemon using the HAVEGE algorithm
Loaded: loaded (/lib/systemd/system/haveged.service; enabled; vendor preset:
Drop-In: /lib/systemd/system/haveged.service.d
└─30_apparmor_profile_everything.conf
Active: failed (Result: exit-code) since Sat 2021-01-02 05:56:16 UTC; 3s ago
Docs: man:haveged(8)
haveged - a simple entropy daemon
Process: 2972 ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARG
Main PID: 2972 (code=exited, status=225/NETWORK)
Jan 02 05:56:16 host systemd[1]: Started Entropy daemon using the HAVEGE algorit
Jan 02 05:56:16 host systemd[1]: haveged.service: Main process exited, code=exit
Jan 02 05:56:16 host systemd[1]: haveged.service: Failed with result ‘exit-code’
lines 1-13/13 (END)
sudo systemctl restart kloak
user@host:~$ sudo systemctl status kloak
● kloak.service - kloak anti keystroke deanonymization tool
Loaded: loaded (/lib/systemd/system/kloak.service; enabled; vendor preset: en
Active: failed (Result: exit-code) since Sat 2021-01-02 05:56:57 UTC; 3s ago
Docs: GitHub - vmonaco/kloak: Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.
Process: 3016 ExecStart=/usr/sbin/kloak (code=exited, status=225/NETWORK)
Main PID: 3016 (code=exited, status=225/NETWORK)
Jan 02 05:56:57 host systemd[1]: kloak.service: Main process exited, code=exited
Jan 02 05:56:57 host systemd[1]: kloak.service: Failed with result ‘exit-code’.
Jan 02 05:56:57 host systemd[1]: kloak.service: Service RestartSec=100ms expired
Jan 02 05:56:57 host systemd[1]: kloak.service: Scheduled restart job, restart c
Jan 02 05:56:57 host systemd[1]: Stopped kloak anti keystroke deanonymization to
Jan 02 05:56:57 host systemd[1]: kloak.service: Start request repeated too quick
Jan 02 05:56:57 host systemd[1]: kloak.service: Failed with result ‘exit-code’.
Jan 02 05:56:57 host systemd[1]: Failed to start kloak anti keystroke deanonymiz
lines 1-15/15 (END)
sudo systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset:
Drop-In: /lib/systemd/system/apparmor.service.d
└─30_live_mode.conf
Active: failed (Result: exit-code) since Sat 2021-01-02 05:57:42 UTC; 15s ago
Docs: man:apparmor(7)
Home · Wiki · AppArmor / apparmor · GitLab
Process: 3071 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, st
Main PID: 3071 (code=exited, status=1/FAILURE)
Jan 02 05:57:41 host systemd[1]: Starting Load AppArmor profiles…
Jan 02 05:57:42 host systemd[1]: apparmor.service: Main process exited, code=exi
Jan 02 05:57:44 host apparmor.systemd[3071]: Restarting AppArmor
Jan 02 05:57:44 host apparmor.systemd[3071]: Reloading AppArmor profiles
Jan 02 05:57:42 host systemd[1]: apparmor.service: Failed with result 'exit-code
Jan 02 05:57:44 host apparmor.systemd[3071]: Found reference to variable dev_tty
Jan 02 05:57:42 host systemd[1]: Failed to start Load AppArmor profiles.
Jan 02 05:57:44 host apparmor.systemd[3071]: Found reference to variable dev_tty
Jan 02 05:57:44 host apparmor.systemd[3071]: Error: At least one profile failed
This is using the latest apparmor-profile-everything from the Dev repo for Kicksecure, Whonix-Gateway and Whonix-Workstation.