Whonix AppArmor Profiles Development Discussion

/etc/apparmor.d/usr.bin.systemcheck:

A user reported that adding the following was required in the context of using a user other than user user.

owner /run/sudo/ts/tux rwk,

tux is probably a user-chosen account name. Any suggestions on correct sudo related AppArmor rules in that profile?

usr.bin.systemcheck already has owner /run/sudo/ts/user rw,, therefore it makes sense to have owner /run/sudo/ts/* rw,, to support any username.

With apparmor.d installed a more stable solution would be:

  owner @{run}/sudo/ts/@{user} rwk,

Also the systemcheck profile should probably be updated. For example abstractions/app/sudo handles all sudo accesses.

BTW, I removed any go build deps from apparmor.d, therefore you should be able to build it without issues.

1 Like
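
An added example (not part of the thread, and not code from Whonix or apparmor.d): a small Python evaluator for the three rule variants quoted above, showing which sudo timestamp paths and permissions each one covers. It assumes `@{run}` expands to /run and /var/run as in AppArmor's stock tunables and treats `@{user}` as any single path component, which simplifies apparmor.d's own definition; the `owner` qualifier is not modelled.

```python
import re

# Assumed variable expansions (simplified): @{run} per AppArmor's stock
# tunables; @{user} approximated as "any single path component".
VARIABLES = {"@{run}": ["/run", "/var/run"], "@{user}": ["*"]}

def expand(pattern):
    """Expand @{var} references into every concrete pattern they stand for."""
    for name, values in VARIABLES.items():
        if name in pattern:
            return [p for v in values for p in expand(pattern.replace(name, v, 1))]
    return [pattern]

def glob_to_regex(pattern):
    """Translate AppArmor globbing: '**' crosses '/', '*' and '?' do not."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out))

def parse_rule(rule):
    """Split 'owner <path> <perms>,' into (regex list, permission set)."""
    words = rule.strip().rstrip(",").split()
    if words[0] == "owner":       # ownership qualifier is not modelled here
        words = words[1:]
    path, perms = words
    return [glob_to_regex(p) for p in expand(path)], set(perms)

def allows(rule, path, requested):
    """True if the rule matches the path and grants every requested permission."""
    regexes, perms = parse_rule(rule)
    return any(r.fullmatch(path) for r in regexes) and set(requested) <= perms

# The three rule variants quoted in the thread.
RULES = {
    "fixed": "owner /run/sudo/ts/user rw,",
    "glob": "owner /run/sudo/ts/* rw,",
    "apparmor.d": "owner @{run}/sudo/ts/@{user} rwk,",
}

if __name__ == "__main__":
    for name, rule in RULES.items():
        for perms in ("rw", "rwk"):
            print(name, perms, allows(rule, "/run/sudo/ts/tux", perms))
```

Run as a script, it shows that the `*` variant covers the tux path for rw but grants no `k` (lock) permission, while the apparmor.d variant covers rwk under both /run and /var/run.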

Is adding support for apparmor.d still planned (even as classic confinement, not to confine PID 1)?

There have been a lot of improvements since last year. The most notable being the play machine (https://play.pujol.io), and everything that comes under the hood.

1 Like

Yes. Review of apparmor.d for Kicksecure, Whonix is on our roadmap. (ToDo for Developers)

1 Like