Upgraded to VB6.1; permission-lockdown failed exit code 13

denisgoddard · March 7, 2020, 3:11pm

I recently upgraded from VB6.0 to VirtualBox-6.1-6.1.4
Immediately after upgrading, I started my Gateway and ran whonixcheck, but got
/usr/lib/security-misc/permission-lockdown failed: exit code 13 unsupported by Whonix developers! Whonixcheck aborted! (qubes_detected: false)

I tried settingWHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=“1” in /etc/whonix.d/50_whonixcheck_user.conf , and that allowed whonixcheck to run, but it reports “No updates found via apt-get.”

Is it just the case that I upgraded too early and a new whonix update is forthcoming? Or is something else afoot that I should check?

Any help much appreciated, thanks!

Patrick · March 7, 2020, 4:52pm

Hello. Thanks for the report!

I can’t reproduce this. Though, I don’t think it’s related to virtualbox or guest additions.

Check this command:

ls -la /etc/apparmor.d/usr.lib.security-misc.permission-lockdown

expected output:

ls: cannot access ‘/etc/apparmor.d/usr.lib.security-misc.permission-lockdown’: No such file or directory

Also restore any config by apparmor-profile-anondist to original value if that file changed somehow.

sudo apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" apparmor-profile-anondist

Doing this for whonixcheck can’t hurt either.

sudo apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" whonixcheck

Otherwise please provide instructions for issue reproduction.

I.e. starting with download a, do step 1, 2, 3 and then x happens.

denisgoddard · March 7, 2020, 8:17pm

Wow, thanks Patrick for the quick reply – and let me take the opportunity to thank you in person for Whonix!! <3

By the way, I failed to mention earlier but I’m on 15.0.0.3.3 (though I do run whonixcheck regularly and do what it says to do )

So, the file is indeed not there:
ls: cannot access '/etc/apparmor.d/usr.lib.security-misc.permission-lockdown': No such file or directory

I tried to reinstall apparmor and got this:
user@host:~$ sudo apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" apparmor-profile-anondist
[sudo] password for user:
E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem.

Okay, so I tried that – and it hangs the VM. After a few seconds, it no longer response to keyboard/mouse/window size change/etc. VirtualBox thinks it’s fine – status monitor shows 30-40% CPU – but it’s been doing that for a few hours now (see attached)

I’m wondering if the VBox upgrade went wonky on this VM (for who-knows-what reason)

It strikes me that this is just Gateway, after all – what do you think about just blowing away this VM (keeping the Workstation, natch) and reinstall it from Whonix-XFCE-15.0.0.3.3.ova ?
I had a look around the Docs section and didn’t find any warnings against (nor suggested procedures for doing so)

Repro case would be hard. I almost bet it can’t be. Shame on me for not snapshotting my VMs before upgrading VB

Patrick_mobile · March 8, 2020, 2:31am

denisgoddard · March 8, 2020, 3:49pm

Thanks! That did the trick!!

Upped the Gateway RAM to 1300MB and then re-ran
sudo dpkg --configure -a
and then
sudo apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" apparmor-profile-anondist
… and then everything on the Gateway Just Started Working again

Now I have another problem, sdwdate on the Workstation isn’t starting properly. But that appears totally unrelated; I’ll open a separate thread if I can’t get it sorted on my own.

And I’ve now subscribed to important-news tag, so hopefully I’ll see tips like this going forward.

I truly cannot thank you enough, but I did kick in a little