Whonix AppArmor Profiles Development Discussion


User reported, that adding the following was required in context of using a user other than user user.

owner /run/sudo/ts/tux rwk,

tux is probably a user chosen account name. Any suggestions on correct sudo related AppArmor rules in that profile?

usr.bin.systemcheck already has owner /run/sudo/ts/user rw,, therefore is make senses to have owner /run/sudo/ts/* rw,, to support any username.

With apparmor.d installed a more stable solution would be:

  owner @{run}/sudo/ts/@{user} rwk,

Also the systemcheck profile should probably be updated. For example abstractions/app/sudo handles all sudo accesses.

BTW, I removed any go build deps from apparmor.d, therefore you should be able to build it without issues.

1 Like