[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

Whonix AppArmor Profiles Development Discussion

Now merged.

1 Like

I am going to give this a try, will report if i encounter any problem

1 Like

So far, absolutely no problems! everything works as expected

2 Likes

Thanks for everyone who has been testing this!

As a result, the next security improvement install apparmor-profiles apparmor-profiles-extra apparmor-profiles-kicksecure by default could be moved forward.

1 Like

Old:

Previously the Enabling instructions only mentioned one example for one profile only:

  • sudo cp /usr/share/apparmor/extra-profiles/bin.netstat /etc/apparmor.d
  • sudo aa-enforce /etc/apparmor.d/bin.netstat

New:

The Enabling instructions have been edited by me just now.

  • Option B) Copy all profiles.
sudo cp /usr/share/apparmor/extra-profiles/* /etc/apparmor.d
  • Option B) Enable all profiles.
sudo aa-enforce /etc/apparmor.d/*

Call for Testers

  1. Did anyone test command…?
sudo cp /usr/share/apparmor/extra-profiles/* /etc/apparmor.d

and / or

  1. Did anyone test command…?
sudo aa-enforce /etc/apparmor.d/*

did both, it loaded a lot of profiles but at the end it printed this error
/etc/apparmor.d/usr.sbin.anondate-get doesn't contain a valid profile (syntax error?)

1 Like

That error is fixed in the stable repository.

apparmor-profile-torbrowser was blocking the ability of TB to access to any /home/user/folder except for /Downloads and the one where TB exist.

Now the profile doenst do any of that instead it allowed the access to all folders.

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]