Once Whonix will be based on Debian stretch (i.e. Whonix 14), AppArmor denied messages no longer got to /var/log/kern.log as per Debian default. They go to /var/log/audit/audit.log.
Too look into that file:
kdesudo kwrite /var/log/audit/audit.log
To show any denied message no matter how old:
sudo cat /var/log/audit/audit.log | grep -i DENIED
To keep watching that file as it gets appended. This is useful when reproducing AppArmor denied messages / when testing the fixed profie.
sudo tail -f /var/log/audit/audit.log | grep --line-buffered DENIED
In Whonix 14, we no longer install apparmor-notify notify by default. (⚓ T557 no longer install apparmor-notify by default) If you would like to help with Whonix AppArmor development, please manually install it.
sudo apt-get update && sudo apt-get install apparmor-notify