sdwdate and sdwdate-gui development thread

Merged. (two re-added which worked with curl --head)

Maybe only an issue for me. Ignoring.

Hope that made sense?

When saying that sdwdate-gui is not installed in Qubes, I meant not enabled.
To completely enable it, we have to modify /usr/lib/sdwdate-gui/notify-shutdown too.

#!/bin/bash

## Copyright (C) 2018 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions

NAME="$(/usr/bin/qubesdb-read /name)"

if [ ! -z "$NAME" ]; then
    /usr/bin/qrexec-client-vm sys-whonix whonix.NewStatus+$NAME" shutdown"
fi

In my version, the qrexec-client-vm command was commented, replaced with true, as in start-maybe.

I am working with a fresh installation, from scratch. The Whonix policies are in dom0.

It’s already in the code, commented. I believe there was an issue with the position of the Exit button in the menu. Will look into it.


Done in git master.

https://github.com/Whonix/sdwdate-gui/commit/bc4370caca3d041a15c749d5ba758bc6048e1d42

https://github.com/Whonix/sdwdate-gui/commit/e2eb9f84233e7580cc2ceb13990b90689bc39382

https://github.com/Whonix/sdwdate-gui/commit/d57c97978c77d74b92155bb19c360f723df42571

https://github.com/Whonix/sdwdate-gui/commit/daf102c9bf1365e9a9d69139d2f6f688b15bef3b

Position of exit button is non-ideal but we really need that exit button. Better not having any exit button.


Put the exit button at the bottom of the menu.

Ideally, there should be a separator between the last vm and the exit button. Struggling with this.


Merged, tested, and available from testers repository. The separation is category “perfection”. Working really, really good already. Much, much better to have an exit button.

We don’t need to trust qubesdb-read /name and can use an environment variable instead.

QREXEC_REMOTE_DOMAIN

I think I need to replace $1 with $QREXEC_REMOTE_DOMAIN in etc/qubes-rpc/whonix.NewStatus or something.

Probably does not work yet.

@madaidan

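The idea in the post above, sketched as an added example that is not the project's etc/qubes-rpc/whonix.NewStatus: the handler takes the sender from QREXEC_REMOTE_DOMAIN, which qrexec sets for the service, and discards any name the calling VM reports about itself. The function name, the "<name> <status>" request shape (mirroring the client command quoted earlier in the thread) and the output format are assumptions.

```shell
#!/bin/sh
# Added example; not the project's whonix.NewStatus handler.
# Assumption: the request looks like "<claimed-name> <status>".

# Print "<sender> <status>" using the qrexec-supplied sender, or return 1.
new_status_from_request() {
    request=$1
    sender=${QREXEC_REMOTE_DOMAIN-}

    # The sender identity comes only from qrexec, never from the request.
    # Reject an unset value, a leading dash, or unexpected characters.
    case $sender in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac

    # The last word of the request is the status; anything before it is
    # the caller's self-reported name and is thrown away.
    status=${request##* }
    case $status in
        ''|*[!a-z]*) return 1 ;;
    esac

    printf '%s %s\n' "$sender" "$status"
}
```

A VM that claims another VM's name in the request still shows up under its own name, because only the value set by qrexec reaches the output.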

Tried changing:

/usr/lib/sdwdate/url_to_unixtime mrix,

To

/usr/lib/sdwdate/url_to_unixtime mrCx,

Does not work.

audit: type=1400 audit(1577056822.492:946): apparmor=“DENIED” operation=“exec” info=“profile transition not found” error=-13 profile=“/usr/bin/sdwdate” name=“/usr/lib/sdwdate/url_to_unixtime” pid=23637 comm=“sdwdate” requested_mask=“x” denied_mask=“x” fsuid=107 ouid=0 target=“/usr/lib/sdwdate/url_to_unixtime”


Cx is for child profiles which are profiles within a profile. e.g.

profile example /usr/bin/example {
  
  ...

  /usr/bin/example2 rCx,


  profile example2 /usr/bin/example2 {
    ...
  }

}

You’re looking for the Px rule which makes the program transition to a profile that’s the same name of the program, not specifically a child profile.


madaidan via Whonix Forum:

Cx is for child profiles which are profiles within a profile. e.g.

profile example /usr/bin/example {
  
  ...

  /usr/bin/example2 rCx,


  profile example2 /usr/bin/example2 {
    ...
  }

}

You’re looking for the Px rule which makes the program transition to a profile that’s the same name of the program, not specifically a child profile.

Unfortunately does not work either.

Dec 23 07:26:59 work kernel: audit: type=1400 audit(1577104019.726:961): apparmor=“DENIED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/lib/sdwdate/url_to_unixtime” pid=13236 comm=“sdwdate” requested_mask=“x” denied_mask=“x” fsuid=107 ouid=0 target=“/usr/lib/sdwdate/url_to_unixtime”


I think that might be an issue with sdwdate’s sandboxing (Systemd sandboxing fails when using a full system apparmor policy · Issue #14277 · systemd/systemd · GitHub). Try disabling it and see if it works.


Could you fix these please?

Happening on sudo /usr/lib/sdwdate/restart_fresh.

Jan 14 20:51:41 host audit[22474]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/mktemp” pid=22474 comm=“sdwdate” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/mktemp”
Jan 14 20:51:41 host audit[22474]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/mktemp” pid=22474 comm=“sdwdate” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/mktemp”
Jan 14 20:51:41 host sdwdate[22472]: 2020-01-14 20:51:41 - sdwdate - INFO - create temp_dir: /tmp/tmp.mJZmHLnAca
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.575:168): apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/mktemp” pid=22474 comm=“sdwdate” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/mktemp”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.575:169): apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/mktemp” pid=22474 comm=“sdwdate” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/mktemp”
Jan 14 20:51:41 host sdwdate[22472]: 2020-01-14 20:51:41 - sdwdate - INFO - Tor socks host: 127.0.0.1 Tor socks port: 9050
Jan 14 20:51:41 host sdwdate[22472]: 2020-01-14 20:51:41 - sdwdate - INFO - Running sdwdate main loop. iteration: 1 / 10000
Jan 14 20:51:41 host audit[22476]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22476 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22476]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22476 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.587:170): apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22476 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.587:171): apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22476 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22477]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22477 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22477]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22477 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22478]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22478 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22478]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22478 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.591:172): apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22477 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.591:173): apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22477 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.591:174): apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22478 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.591:175): apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22478 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22479]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22479 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22479]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22479 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22480]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22480 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22480]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22480 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.595:176): apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22479 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host kernel: audit: type=1400 audit(1579035101.595:177): apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22479 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22481]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/rm” pid=22481 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/rm”
Jan 14 20:51:41 host audit[22481]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/rm” pid=22481 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/rm”
Jan 14 20:51:41 host Tor[876]: New control connection opened.
Jan 14 20:51:41 host audit[22486]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/cat” pid=22486 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/cat”
Jan 14 20:51:41 host audit[22486]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/cat” pid=22486 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/cat”
Jan 14 20:51:41 host audit[22487]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/rm” pid=22487 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/rm”
Jan 14 20:51:41 host audit[22487]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/rm” pid=22487 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/rm”
Jan 14 20:51:41 host Tor[876]: New control connection opened.
Jan 14 20:51:41 host audit[22492]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/cat” pid=22492 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/cat”
Jan 14 20:51:41 host audit[22492]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/cat” pid=22492 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/cat”
Jan 14 20:51:41 host audit[22493]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22493 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22493]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22493 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22494]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/rm” pid=22494 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/rm”
Jan 14 20:51:41 host audit[22494]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/rm” pid=22494 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/rm”
Jan 14 20:51:41 host Tor[876]: New control connection opened.
Jan 14 20:51:41 host audit[22499]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/cat” pid=22499 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/cat”
Jan 14 20:51:41 host audit[22499]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/cat” pid=22499 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/cat”
Jan 14 20:51:41 host audit[22500]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22500 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22500]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22500 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22501]: AVC apparmor=“ALLOWED” operation=“exec” profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22501 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”
Jan 14 20:51:41 host audit[22501]: AVC apparmor=“ALLOWED” operation=“exec” info=“no new privs” error=-1 profile=“/usr/bin/sdwdate” name=“/usr/bin/date” pid=22501 comm=“te_pe_tb_check” requested_mask=“x” denied_mask=“x” fsuid=116 ouid=0 target=“/usr/bin/sdwdate//null-/usr/bin/date”

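A journal excerpt like the ones in this thread can be reduced to one line per profile and executable, noting whether any record carried info="no new privs". This is an added example, not code from the thread or from sdwdate; the function name, the output format and the sample records (constructed, with the straight quotes real logs use) are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG is constructed, modelled on the AppArmor
# audit records quoted in this thread.
SAMPLE_LOG='Jan 14 20:51:41 host audit[100]: AVC apparmor="ALLOWED" operation="exec" profile="/usr/bin/sdwdate" name="/usr/bin/mktemp" pid=100 comm="sdwdate"
Jan 14 20:51:41 host audit[100]: AVC apparmor="ALLOWED" operation="exec" info="no new privs" error=-1 profile="/usr/bin/sdwdate" name="/usr/bin/mktemp" pid=100 comm="sdwdate"
Jan 14 20:51:41 host audit[101]: AVC apparmor="ALLOWED" operation="exec" profile="/usr/bin/sdwdate" name="/usr/bin/date" pid=101 comm="te_pe_tb_check"
Jan 14 20:51:41 host Tor[876]: New control connection opened.
Dec 22 00:00:00 host kernel: audit: type=1400 audit(1.1:1): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="/usr/bin/sdwdate" name="/usr/lib/sdwdate/url_to_unixtime" pid=102 comm="sdwdate"'

# Reads log lines on stdin and prints, sorted, one line per unique
# verdict/profile/executable: "<verdict> <profile> <name> <count> nnp=<yes|no>"
summarize_exec_events() {
    awk '
    # Return the value of key="value" in the current record, or "".
    function field(key,    re, s) {
        re = " " key "=\"[^\"]*\""
        if (!match($0, re)) return ""
        s = substr($0, RSTART, RLENGTH)
        return substr(s, length(key) + 4, length(s) - length(key) - 4)
    }
    # Only AppArmor exec records are counted; other log lines are skipped.
    /apparmor=/ && /operation="exec"/ {
        k = field("apparmor") " " field("profile") " " field("name")
        count[k]++
        if (field("info") == "no new privs") nnp[k] = 1
    }
    END {
        for (k in count)
            printf "%s %d nnp=%s\n", k, count[k], ((k in nnp) ? "yes" : "no")
    }' | LC_ALL=C sort
}

# Stand-alone run: printf '%s\n' "$SAMPLE_LOG" | summarize_exec_events
```

The count is per log record, so an event that the journal shows once from audit[pid] and once from the kernel is counted twice.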

https://github.com/Whonix/sdwdate/pull/23