Dev/AppArmor
From Whonix
< Dev
Contents
Introduction[edit]
We do enable AppArmor by default since Whonix ™ 9. This is done by the grub-enable-apparmor [archive] package.
A git branch to gather more information:
- https://github.com/Whonix/apparmor-profile-sdwdate/tree/debian-maintainer-scripts-debug-output [archive]
- comes with two new files
postrm[edit]
This is the postrm script, that debhelper creates and adds to the package during package build.
#!/bin/bash
## This file is part of {{project_name}}.
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
if [ -f /usr/lib/pre.bsh ]; then
source /usr/lib/pre.bsh
fi
set -e
true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"
true "INFO: debhelper beginning here."
# Automatically added by dh_apparmor
if [ "$1" = "purge" ]; then
rm -f "/etc/apparmor.d/disable/usr.bin.sdwdate" || true
rm -f "/etc/apparmor.d/force-complain/usr.bin.sdwdate" || true
rm -f "/etc/apparmor.d/local/usr.bin.sdwdate" || true
rmdir /etc/apparmor.d/local 2>/dev/null || true
fi
# End automatically added section
true "INFO: Done with debhelper."
true "
#####################################################################
## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"
## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0
postinst[edit]
This is the postinst script, that debhelper creates and adds to the package during package build.
#!/bin/bash
## This file is part of {{project_name}}.
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
if [ -f /usr/lib/pre.bsh ]; then
source /usr/lib/pre.bsh
fi
set -e
true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"
true "INFO: debhelper beginning here."
# Automatically added by dh_apparmor
if [ "$1" = "configure" ]; then
APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
if [ -f "$APP_PROFILE" ]; then
# Add the local/ include
LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate
test -e "$LOCAL_APP_PROFILE" || {
tmp=`mktemp`
cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.bin.sdwdate.
# For more details, please see /etc/apparmor.d/local/README.
EOM
mkdir `dirname $LOCAL_APP_PROFILE` 2>/dev/null || true
mv -f "$tmp" "$LOCAL_APP_PROFILE"
chmod 644 "$LOCAL_APP_PROFILE"
}
# Reload the profile, including any abstraction updates
if [ -x /usr/sbin/aa-status ] && aa-status --enabled 2>/dev/null; then
apparmor_parser -r -T -W "$APP_PROFILE" || true
fi
fi
fi
# End automatically added section
true "INFO: Done with debhelper."
true "
#####################################################################
## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"
## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0
How to get the Debug Output[edit]
make deb-pkg export DEBDEBUG=1 sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb
Full xtrace during package reinstall[edit]
Package was already installed. Installed it again.
sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb dpkg: warning: downgrading apparmor-profile-sdwdate from 3:2.1-1 to 3:2.0-1 (Reading database ... 152310 files and directories currently installed.) Preparing to replace apparmor-profile-sdwdate 3:2.1-1 (using .../apparmor-profile-sdwdate_2.0-1_all.deb) ... Unpacking replacement apparmor-profile-sdwdate ... +++ type -t errorhandlergeneral ++ '[' '' = function ']' ++ trap error_handler_pre ERR ++ bash -n /usr/lib/pre.bsh ++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postrm ++ own_filename=apparmor-profile-sdwdate.postrm ++ unset skip_script + set -e + true ' ##################################################################### ## INFO: BEGIN: apparmor-profile-sdwdate postrm upgrade' '3:2.0-1 ##################################################################### ' + true 'INFO: debhelper beginning here.' + '[' upgrade = purge ']' + true 'INFO: Done with debhelper.' + true ' ##################################################################### ## INFO: END : apparmor-profile-sdwdate postrm upgrade' '3:2.0-1 ##################################################################### ' + exit 0 Setting up apparmor-profile-sdwdate (3:2.0-1) ... +++ type -t errorhandlergeneral ++ '[' '' = function ']' ++ trap error_handler_pre ERR ++ bash -n /usr/lib/pre.bsh ++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postinst ++ own_filename=apparmor-profile-sdwdate.postinst ++ unset skip_script + set -e + true ' ##################################################################### ## INFO: BEGIN: apparmor-profile-sdwdate postinst configure' '3:2.1-1 ##################################################################### ' + true 'INFO: debhelper beginning here.' + '[' configure = configure ']' + APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate + '[' -f /etc/apparmor.d/usr.bin.sdwdate ']' + LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate + test -e /etc/apparmor.d/local/usr.bin.sdwdate + '[' -x /usr/sbin/aa-status ']' + aa-status --enabled + apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate + true 'INFO: Done with debhelper.' + true ' ##################################################################### ## INFO: END : apparmor-profile-sdwdate postinst configure' '3:2.1-1 ##################################################################### ' + exit 0
Relevant xtrace during package reinstall[edit]
Package was already installed. Installed it again.
+ '[' configure = configure ']' + APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate + '[' -f /etc/apparmor.d/usr.bin.sdwdate ']' + LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate + test -e /etc/apparmor.d/local/usr.bin.sdwdate + '[' -x /usr/sbin/aa-status ']' + aa-status --enabled + apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate + exit 0
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables [archive]. Please come and introduce yourself in the development forum [archive].
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.