Dev/AppArmor

Introduction

AppArmor has been enabled by default since Whonix 9. This is done by the grub-enable-apparmor package.

A git branch to gather more information:

postrm

This is the postrm script that debhelper creates and adds to the package during the package build.

#!/bin/bash

## This file is part of Whonix.
## Copyright (C) 2012 - 2015 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

if [ -f /usr/lib/pre.bsh ]; then
   source /usr/lib/pre.bsh
fi

set -e

true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

true "INFO: debhelper beginning here."

# Automatically added by dh_apparmor
if [ "$1" = "purge" ]; then
    rm -f "/etc/apparmor.d/disable/usr.bin.sdwdate" || true
    rm -f "/etc/apparmor.d/force-complain/usr.bin.sdwdate" || true
    rm -f "/etc/apparmor.d/local/usr.bin.sdwdate" || true
    rmdir /etc/apparmor.d/local 2>/dev/null || true
fi
# End automatically added section


true "INFO: Done with debhelper."

true "
#####################################################################
## INFO: END  : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0

postinst

This is the postinst script that debhelper creates and adds to the package during the package build.

#!/bin/bash

## This file is part of Whonix.
## Copyright (C) 2012 - 2015 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

if [ -f /usr/lib/pre.bsh ]; then
   source /usr/lib/pre.bsh
fi

set -e

true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

true "INFO: debhelper beginning here."

# Automatically added by dh_apparmor
if [ "$1" = "configure" ]; then
    APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
    if [ -f "$APP_PROFILE" ]; then
        # Add the local/ include
        LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate

        test -e "$LOCAL_APP_PROFILE" || {
            tmp=`mktemp`
        cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.bin.sdwdate.
# For more details, please see /etc/apparmor.d/local/README.
EOM
            mkdir `dirname $LOCAL_APP_PROFILE` 2>/dev/null || true
            mv -f "$tmp" "$LOCAL_APP_PROFILE"
            chmod 644 "$LOCAL_APP_PROFILE"
        }

        # Reload the profile, including any abstraction updates
        if [ -x /usr/sbin/aa-status ] && aa-status --enabled 2>/dev/null; then
            apparmor_parser -r -T -W "$APP_PROFILE" || true
        fi
    fi
fi
# End automatically added section


true "INFO: Done with debhelper."

true "
#####################################################################
## INFO: END  : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0
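
To confirm the on-disk state that these two maintainer scripts manage, the following check (an added example, not part of the Whonix package or of dh_apparmor) inspects the profile, its local/ include and any disable/ or force-complain/ entries. The function names, the ROOT argument and the sample tree are assumptions made for illustration; the check does not query the kernel for loaded profiles.

```shell
#!/bin/bash
# Added example: audit the files that the dh_apparmor snippets above manage.
# ROOT may point at a chroot or a test tree; empty ROOT means the live system.

check_aa_profile_state() {
    local root="${1:-}"
    local name="${2:-usr.bin.sdwdate}"
    local dir="$root/etc/apparmor.d"
    local problems=0 mode sub

    # postinst does nothing unless the profile file itself is installed.
    if [ ! -f "$dir/$name" ]; then
        echo "MISSING profile: $dir/$name"
        problems=$((problems + 1))
    fi

    # postinst creates the local/ include only when absent (mode 644).
    # A pre-existing file keeps its mode, so flag group/other write bits.
    if [ ! -e "$dir/local/$name" ]; then
        echo "MISSING local include: $dir/local/$name"
        problems=$((problems + 1))
    else
        mode=$(stat -c '%a' "$dir/local/$name")   # GNU stat, as on Debian
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE BY NON-OWNER (mode $mode): $dir/local/$name"
            problems=$((problems + 1))
        fi
    fi

    # Entries here stop enforcement; they are usually symlinks, so test -L
    # as well to catch dangling ones. postrm removes them only on purge.
    for sub in disable force-complain; do
        if [ -e "$dir/$sub/$name" ] || [ -L "$dir/$sub/$name" ]; then
            echo "NOT ENFORCED ($sub): $dir/$sub/$name"
            problems=$((problems + 1))
        fi
    done

    return "$problems"
}

# Constructed sample tree (not a real system): the state a clean install leaves.
make_sample_tree() {
    local t
    t=$(mktemp -d)
    mkdir -p "$t/etc/apparmor.d/local" "$t/etc/apparmor.d/disable"
    : > "$t/etc/apparmor.d/usr.bin.sdwdate"
    : > "$t/etc/apparmor.d/local/usr.bin.sdwdate"
    chmod 644 "$t/etc/apparmor.d/local/usr.bin.sdwdate"
    echo "$t"
}
```

The return value is the number of findings, so an exit status of 0 means the tree matches what a clean configure run leaves behind.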

How to get the Debug Output

make deb-pkg
export DEBDEBUG=1
sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb

Full xtrace during package reinstall

The package was already installed; it was installed again.

sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb 
dpkg: warning: downgrading apparmor-profile-sdwdate from 3:2.1-1 to 3:2.0-1
(Reading database ... 152310 files and directories currently installed.)
Preparing to replace apparmor-profile-sdwdate 3:2.1-1 (using .../apparmor-profile-sdwdate_2.0-1_all.deb) ...
Unpacking replacement apparmor-profile-sdwdate ...
+++ type -t errorhandlergeneral
++ '[' '' = function ']'
++ trap error_handler_pre ERR
++ bash -n /usr/lib/pre.bsh
++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postrm
++ own_filename=apparmor-profile-sdwdate.postrm
++ unset skip_script
+ set -e
+ true '
#####################################################################
## INFO: BEGIN: apparmor-profile-sdwdate postrm upgrade' '3:2.0-1
#####################################################################
'
+ true 'INFO: debhelper beginning here.'
+ '[' upgrade = purge ']'
+ true 'INFO: Done with debhelper.'
+ true '
#####################################################################
## INFO: END  : apparmor-profile-sdwdate postrm upgrade' '3:2.0-1
#####################################################################
'
+ exit 0
Setting up apparmor-profile-sdwdate (3:2.0-1) ...
+++ type -t errorhandlergeneral
++ '[' '' = function ']'
++ trap error_handler_pre ERR
++ bash -n /usr/lib/pre.bsh
++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postinst
++ own_filename=apparmor-profile-sdwdate.postinst
++ unset skip_script
+ set -e
+ true '
#####################################################################
## INFO: BEGIN: apparmor-profile-sdwdate postinst configure' '3:2.1-1
#####################################################################
'
+ true 'INFO: debhelper beginning here.'
+ '[' configure = configure ']'
+ APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
+ '[' -f /etc/apparmor.d/usr.bin.sdwdate ']'
+ LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate
+ test -e /etc/apparmor.d/local/usr.bin.sdwdate
+ '[' -x /usr/sbin/aa-status ']'
+ aa-status --enabled
+ apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate
+ true 'INFO: Done with debhelper.'
+ true '
#####################################################################
## INFO: END  : apparmor-profile-sdwdate postinst configure' '3:2.1-1
#####################################################################
'
+ exit 0

Relevant xtrace during package reinstall

The package was already installed; it was installed again.

+ '[' configure = configure ']'
+ APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
+ '[' -f /etc/apparmor.d/usr.bin.sdwdate ']'
+ LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate
+ test -e /etc/apparmor.d/local/usr.bin.sdwdate
+ '[' -x /usr/sbin/aa-status ']'
+ aa-status --enabled
+ apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate
+ exit 0
