I am working with AppArmor (see the ‘Whonix in chroot’ thread). At the moment I am trying to confine TBB inside Whonix-Workstation. It looks promising but I am running into the following problem: for the profile to be completely transparent, you have to allow some processes and configuration files directly related to KDE. It is not good for portability.
Which brings up the subject.
I think that a distribution like Whonix should get rid of the heavy machines, KDE or the depressing Gnome 3, to favor a lighter DM like Xfce4 (it looks like Debian is heading that way with jessie). It uses a lot fewer resources and seems more tolerant of packages playing at kernel level. I have written the profile for VirtualBox under Xfce4.
It is also nearly endlessly configurable, letting the user tailor it to her needs and tastes. It is important to me. Generally speaking, I don’t much like feeling trapped in an environment I despise.
Unless the customization could have an impact on anonymity?