They’re not installed by default in Debian. It is a default Debian package (by Debian, not by Whonix). It just is installed by default in Whonix (not in Debian).
After running “apt-get purge apparmor-profile-whonxicheck” and even after “cd /etc/apparmor.d” and “sudo grep whonixcheck *” yielding no results, whonixcheck’s AppArmor profile was still in effect. Is this expected? Shouldn’t the profile be unloaded on purge? Or what must be done to really unload a profile without reboot?
This is expected. Once the profile is loaded in the kernel, the only way to remove it to run “sudo apparmor_parser -R profile-name” or “sudo aa-disable profile-name”. Both commands expect the profile file to be existing. So when the profile file is deleted (manually or after purging), the only way I know to unload it is rebooting.
Pushed an update. The “d” mask is not documented anywhere. Because of operation=“unlink”, I have given the “l” mask. Could you test it?[/quote]
Merged and testing now.
When installing the torbrowser profile with “sudo apt-get install apparmor-profile-torbrowser”, the last update is missing ("@{HOME}/tor-browser_*/Data/Browser/profile.default/ r,").
[quote=“troubadour, post:356, topic:108”]When installing the torbrowser profile with “sudo apt-get install apparmor-profile-torbrowser”, the last update is missing (“@{HOME}/tor-browser_*/Data/Browser/profile.default/ r,”).
It’s OK when installing from github.[/quote]
Off-topic: I thought I answered that a few days ago. Somehow it got lost perhaps.
On-topic: This is expected. I am not keeping the remote repository up to date yet. When there are releases, the remote repository will be up to date. But I am not sure the effort maintaining the repository for use outside of Whonix would be justified.
[quote=“troubadour, post:309, topic:108”][quote]
Quote from: troubadour on July 27, 2014, 10:22:04 pm
[quote]
When installing Icedove for the first time, clicking a link in a message tries to start Iceweasel, which is not allowed (rightly) if Icedove is confined by AppArmor.
To use Tor Browser instead,
Preferences -> Advanced -> Config Editor -> network.protocol-handler.warn-external.http and
Preferences -> Advanced -> Config Editor -> network.protocol-handler.warn-external.https
have to be set to "true".
When a link is clicked, a popup asking for the preferred browser is shown, where one should select "/home/user/tor-browser_[your-language]/Browser/firefox".
Should we mention it somewhere in the wiki?[/quote]
I am not sure I 100% understand, but please feel free to document this.[/quote]
When I switched to Whonix 8.6, I had to install Icedove, like everyone, I guess. Clicking a link in an email was opening Iceweasel directly. One can use right-click “Copy Link Location” and paste it in Torbrowser, but I modified the preferences in Icedove to open it in Torbrowser, on the ground that it is safer that way than opening both browsers at the same time or Iceweasel only, despite the ongoing discussion in tor-talk and Sign in · GitLab
This is still valid. I can document this (with clearer explanations), but I do not see where in the wiki.
By the way, I will take some time to update the AppArmor part in the wiki.