Fresh install of Qubes 4.0. The wiki’s Security Guide appears to be outdated when it comes to Qubes 4.0. AppArmor for the Whonix TemplateVMs (different attempts using both fresh and restored) produced persistent AppArmor violation popups, along with no changes to kernelopts in the TemplateVM’s settings pages. Qubes 4.0 uses PVH virtualization wherever possible, and the qvm-pref man page states VM kernel parameters (–kernelopts) are available only for PV VMs.
So I assume AppArmor is currently unusable in this version of Qubes? I looked for any recent posts about this but saw nothing.
Yes, I am running kernel 4.14.18.1 but let me repeat that adding kernelopts with qvm-prefs is only supported on PV VMs in Qubes 4.0. Qubes offers a red warning about PV VMs, clearly it should no longer be used. Apparmor fails on VM start without the needed kernel parameters. I think AppArmor is unusable at the moment with this release, but maybe I’m missing something?