Whonix 14 / Debian stretch AppArmor related changes


Once Whonix will be based on Debian stretch (i.e. Whonix 14), AppArmor denied messages no longer got to /var/log/kern.log as per Debian default. They go to /var/log/audit/audit.log.

Too look into that file:

kdesudo kwrite /var/log/audit/audit.log

To show any denied message no matter how old:

sudo cat /var/log/audit/audit.log | grep -i DENIED

To keep watching that file as it gets appended. This is useful when reproducing AppArmor denied messages / when testing the fixed profie.

sudo tail -f /var/log/audit/audit.log | grep --line-buffered DENIED

In Whonix 14, we no longer install apparmor-notify notify by default. (https://phabricator.whonix.org/T557) If you would like to help with Whonix AppArmor development, please manually install it.

sudo apt-get update && sudo apt-get install apparmor-notify