Whonix 14 / Debian stretch AppArmor related changes

Once Whonix will be based on Debian stretch (i.e. Whonix 14), AppArmor denied messages no longer got to /var/log/kern.log as per Debian default. They go to /var/log/audit/audit.log.

Too look into that file:

kdesudo kwrite /var/log/audit/audit.log

To show any denied message no matter how old:

sudo cat /var/log/audit/audit.log | grep -i DENIED

To keep watching that file as it gets appended. This is useful when reproducing AppArmor denied messages / when testing the fixed profie.

sudo tail -f /var/log/audit/audit.log | grep --line-buffered DENIED

In Whonix 14, we no longer install apparmor-notify notify by default. (⚓ T557 no longer install apparmor-notify by default) If you would like to help with Whonix AppArmor development, please manually install it.

sudo apt-get update && sudo apt-get install apparmor-notify
1 Like

THX for Information!

ef86