Dev/AppArmor

Introduction

AppArmor has been enabled by default since Whonix ™ 9. This is done by the grub-enable-apparmor package.

A git branch to gather more information:

postrm

This is the postrm script that debhelper creates and adds to the package during the package build.

#!/bin/bash

## This file is part of {{project_name}}.
## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

if [ -f /usr/lib/pre.bsh ]; then
   source /usr/lib/pre.bsh
fi

set -e

true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

true "INFO: debhelper beginning here."

# Automatically added by dh_apparmor
if [ "$1" = "purge" ]; then
    rm -f "/etc/apparmor.d/disable/usr.bin.sdwdate" || true
    rm -f "/etc/apparmor.d/force-complain/usr.bin.sdwdate" || true
    rm -f "/etc/apparmor.d/local/usr.bin.sdwdate" || true
    rmdir /etc/apparmor.d/local 2>/dev/null || true
fi
# End automatically added section


true "INFO: Done with debhelper."

true "
#####################################################################
## INFO: END  : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0

postinst

This is the postinst script that debhelper creates and adds to the package during the package build.

#!/bin/bash

## This file is part of {{project_name}}.
## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

if [ -f /usr/lib/pre.bsh ]; then
   source /usr/lib/pre.bsh
fi

set -e

true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

true "INFO: debhelper beginning here."

# Automatically added by dh_apparmor
if [ "$1" = "configure" ]; then
    APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
    if [ -f "$APP_PROFILE" ]; then
        # Add the local/ include
        LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate

        test -e "$LOCAL_APP_PROFILE" || {
            tmp=`mktemp`
        cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.bin.sdwdate.
# For more details, please see /etc/apparmor.d/local/README.
EOM
            mkdir `dirname $LOCAL_APP_PROFILE` 2>/dev/null || true
            mv -f "$tmp" "$LOCAL_APP_PROFILE"
            chmod 644 "$LOCAL_APP_PROFILE"
        }

        # Reload the profile, including any abstraction updates
        if [ -x /usr/sbin/aa-status ] && aa-status --enabled 2>/dev/null; then
            apparmor_parser -r -T -W "$APP_PROFILE" || true
        fi
    fi
fi
# End automatically added section


true "INFO: Done with debhelper."

true "
#####################################################################
## INFO: END  : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0

How to get the Debug Output

make deb-pkg
export DEBDEBUG=1
sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb

Full xtrace during package reinstall

The package was already installed and was installed again.

sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb 
dpkg: warning: downgrading apparmor-profile-sdwdate from 3:2.1-1 to 3:2.0-1
(Reading database ... 152310 files and directories currently installed.)
Preparing to replace apparmor-profile-sdwdate 3:2.1-1 (using .../apparmor-profile-sdwdate_2.0-1_all.deb) ...
Unpacking replacement apparmor-profile-sdwdate ...
+++ type -t errorhandlergeneral
++ '[' '' = function ']'
++ trap error_handler_pre ERR
++ bash -n /usr/lib/pre.bsh
++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postrm
++ own_filename=apparmor-profile-sdwdate.postrm
++ unset skip_script
+ set -e
+ true '
#####################################################################
## INFO: BEGIN: apparmor-profile-sdwdate postrm upgrade' '3:2.0-1
#####################################################################
'
+ true 'INFO: debhelper beginning here.'
+ '[' upgrade = purge ']'
+ true 'INFO: Done with debhelper.'
+ true '
#####################################################################
## INFO: END  : apparmor-profile-sdwdate postrm upgrade' '3:2.0-1
#####################################################################
'
+ exit 0
Setting up apparmor-profile-sdwdate (3:2.0-1) ...
+++ type -t errorhandlergeneral
++ '[' '' = function ']'
++ trap error_handler_pre ERR
++ bash -n /usr/lib/pre.bsh
++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postinst
++ own_filename=apparmor-profile-sdwdate.postinst
++ unset skip_script
+ set -e
+ true '
#####################################################################
## INFO: BEGIN: apparmor-profile-sdwdate postinst configure' '3:2.1-1
#####################################################################
'
+ true 'INFO: debhelper beginning here.'
+ '[' configure = configure ']'
+ APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
+ '[' -f /etc/apparmor.d/usr.bin.sdwdate ']'
+ LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate
+ test -e /etc/apparmor.d/local/usr.bin.sdwdate
+ '[' -x /usr/sbin/aa-status ']'
+ aa-status --enabled
+ apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate
+ true 'INFO: Done with debhelper.'
+ true '
#####################################################################
## INFO: END  : apparmor-profile-sdwdate postinst configure' '3:2.1-1
#####################################################################
'
+ exit 0

Relevant xtrace during package reinstall

The package was already installed and was installed again.

+ '[' configure = configure ']'
+ APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
+ '[' -f /etc/apparmor.d/usr.bin.sdwdate ']'
+ LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate
+ test -e /etc/apparmor.d/local/usr.bin.sdwdate
+ '[' -x /usr/sbin/aa-status ']'
+ aa-status --enabled
+ apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate
+ exit 0
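
The relevant trace above is the dh_apparmor part of the full xtrace. As an added example (not part of the Whonix page or its packaging code), the filter below extracts that part for any maintainer script, keyed on the "INFO: debhelper beginning here." and "INFO: Done with debhelper." markers, and checks whether the "apparmor_parser -r" reload actually ran. The function names relevant_xtrace, reload_ran and sample_trace are hypothetical, and the sample input is shortened from the trace on this page.

```bash
#!/bin/bash
# Added example, not Whonix code. Function names are hypothetical.

# relevant_xtrace SCRIPT: read "DEBDEBUG=1 dpkg -i" output on stdin and print
# only the xtrace lines of the dh_apparmor section of SCRIPT (postinst, postrm).
relevant_xtrace() {
    awk -v script="$1" '
        # Banner traced from the script: "## INFO: BEGIN: <package> <script> <args>"
        /^## INFO: BEGIN: /                { current = $5 }
        /INFO: debhelper beginning here\./ { keep = (current == script); next }
        /INFO: Done with debhelper\./      { keep = 0; next }
        keep && /^[+]+ /                   { print }
    '
}

# reload_ran: succeed only if the postinst trace on stdin shows the profile
# reload. If "aa-status --enabled" fails, postinst skips it without an error.
reload_ran() {
    relevant_xtrace postinst | grep -q 'apparmor_parser -r '
}

# Sample input: shortened from the full xtrace shown on this page.
sample_trace() {
    cat <<'EOF'
## INFO: BEGIN: apparmor-profile-sdwdate postrm upgrade' '3:2.0-1
+ true 'INFO: debhelper beginning here.'
+ '[' upgrade = purge ']'
+ true 'INFO: Done with debhelper.'
+ exit 0
Setting up apparmor-profile-sdwdate (3:2.0-1) ...
## INFO: BEGIN: apparmor-profile-sdwdate postinst configure' '3:2.1-1
+ true 'INFO: debhelper beginning here.'
+ '[' configure = configure ']'
+ '[' -f /etc/apparmor.d/usr.bin.sdwdate ']'
+ test -e /etc/apparmor.d/local/usr.bin.sdwdate
+ aa-status --enabled
+ apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate
+ true 'INFO: Done with debhelper.'
+ exit 0
EOF
}

sample_trace | relevant_xtrace postinst
if sample_trace | reload_ran; then
    echo "profile reload ran"
else
    echo "profile reload was skipped"
fi
```

Against a real install, pipe the dpkg output (stderr included) into the functions instead of sample_trace. The closing "+ exit 0" lies outside the debhelper markers and is not printed.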
