Once Whonix will be based on Debian stretch (i.e. Whonix 14), AppArmor denied messages no longer got to
/var/log/kern.log as per Debian default. They go to
Too look into that file:
kdesudo kwrite /var/log/audit/audit.log
To keep watching that file as it gets appended. This is useful when reproducing AppArmor denied messages / when testing the fixed profie.
sudo tail -f /var/log/audit/audit.log | grep --line-buffered DENIED
In Whonix 14, we no longer install apparmor-notify notify by default. (https://phabricator.whonix.org/T557) If you would like to help with Whonix AppArmor development, please manually install it.
sudo apt-get update && sudo apt-get install apparmor-notify