[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Whonix 14 / Debian stretch AppArmor related changes


#1

Once Whonix will be based on Debian stretch (i.e. Whonix 14), AppArmor denied messages no longer got to /var/log/kern.log as per Debian default. They go to /var/log/audit/audit.log.

Too look into that file:

kdesudo kwrite /var/log/audit/audit.log

To show any denied message no matter how old:

sudo cat /var/log/audit/audit.log | grep -i DENIED

To keep watching that file as it gets appended. This is useful when reproducing AppArmor denied messages / when testing the fixed profie.

sudo tail -f /var/log/audit/audit.log | grep --line-buffered DENIED

In Whonix 14, we no longer install apparmor-notify notify by default. (https://phabricator.whonix.org/T557) If you would like to help with Whonix AppArmor development, please manually install it.

sudo apt-get update && sudo apt-get install apparmor-notify

#2

#3