Dev/AppArmor

Introduction

AppArmor has been enabled by default since Whonix ™ 9. This is done by the grub-enable-apparmor package.

A git branch to gather more information:

postrm

This is the postrm script that debhelper creates and adds to the package during package build.

#!/bin/bash

## This file is part of {{project_name}}.
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

if [ -f /usr/lib/pre.bsh ]; then
   source /usr/lib/pre.bsh
fi

set -e

true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

true "INFO: debhelper beginning here."

# Automatically added by dh_apparmor
if [ "$1" = "purge" ]; then
    rm -f "/etc/apparmor.d/disable/usr.bin.sdwdate" || true
    rm -f "/etc/apparmor.d/force-complain/usr.bin.sdwdate" || true
    rm -f "/etc/apparmor.d/local/usr.bin.sdwdate" || true
    rmdir /etc/apparmor.d/local 2>/dev/null || true
fi
# End automatically added section


true "INFO: Done with debhelper."

true "
#####################################################################
## INFO: END  : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0

postinst

This is the postinst script that debhelper creates and adds to the package during package build.

#!/bin/bash

## This file is part of {{project_name}}.
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

if [ -f /usr/lib/pre.bsh ]; then
   source /usr/lib/pre.bsh
fi

set -e

true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

true "INFO: debhelper beginning here."

# Automatically added by dh_apparmor
if [ "$1" = "configure" ]; then
    APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
    if [ -f "$APP_PROFILE" ]; then
        # Add the local/ include
        LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate

        test -e "$LOCAL_APP_PROFILE" || {
            tmp=`mktemp`
        cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.bin.sdwdate.
# For more details, please see /etc/apparmor.d/local/README.
EOM
            mkdir `dirname $LOCAL_APP_PROFILE` 2>/dev/null || true
            mv -f "$tmp" "$LOCAL_APP_PROFILE"
            chmod 644 "$LOCAL_APP_PROFILE"
        }

        # Reload the profile, including any abstraction updates
        if [ -x /usr/sbin/aa-status ] && aa-status --enabled 2>/dev/null; then
            apparmor_parser -r -T -W "$APP_PROFILE" || true
        fi
    fi
fi
# End automatically added section


true "INFO: Done with debhelper."

true "
#####################################################################
## INFO: END  : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"

## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0

How to get the Debug Output

make deb-pkg
export DEBDEBUG=1
sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb

Full xtrace during package reinstall

The package was already installed and was installed again.

sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb 
dpkg: warning: downgrading apparmor-profile-sdwdate from 3:2.1-1 to 3:2.0-1
(Reading database ... 152310 files and directories currently installed.)
Preparing to replace apparmor-profile-sdwdate 3:2.1-1 (using .../apparmor-profile-sdwdate_2.0-1_all.deb) ...
Unpacking replacement apparmor-profile-sdwdate ...
+++ type -t errorhandlergeneral
++ '[' '' = function ']'
++ trap error_handler_pre ERR
++ bash -n /usr/lib/pre.bsh
++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postrm
++ own_filename=apparmor-profile-sdwdate.postrm
++ unset skip_script
+ set -e
+ true '
#####################################################################
## INFO: BEGIN: apparmor-profile-sdwdate postrm upgrade' '3:2.0-1
#####################################################################
'
+ true 'INFO: debhelper beginning here.'
+ '[' upgrade = purge ']'
+ true 'INFO: Done with debhelper.'
+ true '
#####################################################################
## INFO: END  : apparmor-profile-sdwdate postrm upgrade' '3:2.0-1
#####################################################################
'
+ exit 0
Setting up apparmor-profile-sdwdate (3:2.0-1) ...
+++ type -t errorhandlergeneral
++ '[' '' = function ']'
++ trap error_handler_pre ERR
++ bash -n /usr/lib/pre.bsh
++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postinst
++ own_filename=apparmor-profile-sdwdate.postinst
++ unset skip_script
+ set -e
+ true '
#####################################################################
## INFO: BEGIN: apparmor-profile-sdwdate postinst configure' '3:2.1-1
#####################################################################
'
+ true 'INFO: debhelper beginning here.'
+ '[' configure = configure ']'
+ APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
+ '[' -f /etc/apparmor.d/usr.bin.sdwdate ']'
+ LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate
+ test -e /etc/apparmor.d/local/usr.bin.sdwdate
+ '[' -x /usr/sbin/aa-status ']'
+ aa-status --enabled
+ apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate
+ true 'INFO: Done with debhelper.'
+ true '
#####################################################################
## INFO: END  : apparmor-profile-sdwdate postinst configure' '3:2.1-1
#####################################################################
'
+ exit 0

Relevant xtrace during package reinstall

The package was already installed and was installed again.

+ '[' configure = configure ']'
+ APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
+ '[' -f /etc/apparmor.d/usr.bin.sdwdate ']'
+ LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate
+ test -e /etc/apparmor.d/local/usr.bin.sdwdate
+ '[' -x /usr/sbin/aa-status ']'
+ aa-status --enabled
+ apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate
+ exit 0
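
The maintainer scripts above manage four paths under /etc/apparmor.d for the sdwdate profile: the profile itself and its entries in disable/, force-complain/ and local/. As an added example (not Whonix or debhelper code), this shell function reports which of those states a system is in; the ROOT argument and the state names are assumptions made for illustration and offline testing.

```shell
#!/bin/sh
# Added example, not part of the package: inspect the files that the
# dh_apparmor postinst/postrm snippets create or remove for one profile.
# ROOT is a hypothetical prefix so the check can run against a test tree.

# profile_state ROOT NAME
# prints: missing | disabled | complain | no-local | ok
profile_state() {
    root=${1%/}
    name=$2
    dir="$root/etc/apparmor.d"

    # postinst only acts when the profile file itself is present.
    [ -f "$dir/$name" ] || { echo missing; return 0; }

    # An entry in disable/ means the profile is skipped at load time.
    # -L also catches a dangling symlink.
    if [ -e "$dir/disable/$name" ] || [ -L "$dir/disable/$name" ]; then
        echo disabled; return 0
    fi
    # An entry in force-complain/ loads the profile in complain mode,
    # so violations are logged but not blocked.
    if [ -e "$dir/force-complain/$name" ] || [ -L "$dir/force-complain/$name" ]; then
        echo complain; return 0
    fi
    # postinst creates local/NAME for site-specific additions.
    [ -f "$dir/local/$name" ] || { echo no-local; return 0; }
    echo ok
}

# Constructed sample tree standing in for /etc/apparmor.d after postinst.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/apparmor.d/local" "$t/etc/apparmor.d/disable" \
             "$t/etc/apparmor.d/force-complain"
    : > "$t/etc/apparmor.d/usr.bin.sdwdate"
    : > "$t/etc/apparmor.d/local/usr.bin.sdwdate"
    echo "$t"
}

# Stand-alone use: sh script.sh / usr.bin.sdwdate
if [ "$#" -eq 2 ]; then profile_state "$1" "$2"; fi
```

A result of ok only describes the files on disk; whether the kernel has the profile loaded is what the aa-status and apparmor_parser calls in the trace above deal with.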

