Dev/AppArmor
From Whonix
< Dev
Contents
Introduction[edit]
We do enable AppArmor by default since Whonix ™ 9. This is done by the grub-enable-apparmor [archive] package.
A git branch to gather more information:
- https://github.com/Whonix/apparmor-profile-sdwdate/tree/debian-maintainer-scripts-debug-output [archive]
- comes with two new files
postrm[edit]
This is the postrm script, that debhelper creates and adds to the package during package build.
#!/bin/bash
## This file is part of {{project_name}}.
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
if [ -f /usr/lib/pre.bsh ]; then
source /usr/lib/pre.bsh
fi
set -e
true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"
true "INFO: debhelper beginning here."
# Automatically added by dh_apparmor
if [ "$1" = "purge" ]; then
rm -f "/etc/apparmor.d/disable/usr.bin.sdwdate" || true
rm -f "/etc/apparmor.d/force-complain/usr.bin.sdwdate" || true
rm -f "/etc/apparmor.d/local/usr.bin.sdwdate" || true
rmdir /etc/apparmor.d/local 2>/dev/null || true
fi
# End automatically added section
true "INFO: Done with debhelper."
true "
#####################################################################
## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"
## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0
postinst[edit]
This is the postinst script, that debhelper creates and adds to the package during package build.
#!/bin/bash
## This file is part of {{project_name}}.
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
if [ -f /usr/lib/pre.bsh ]; then
source /usr/lib/pre.bsh
fi
set -e
true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"
true "INFO: debhelper beginning here."
# Automatically added by dh_apparmor
if [ "$1" = "configure" ]; then
APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate
if [ -f "$APP_PROFILE" ]; then
# Add the local/ include
LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate
test -e "$LOCAL_APP_PROFILE" || {
tmp=`mktemp`
cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.bin.sdwdate.
# For more details, please see /etc/apparmor.d/local/README.
EOM
mkdir `dirname $LOCAL_APP_PROFILE` 2>/dev/null || true
mv -f "$tmp" "$LOCAL_APP_PROFILE"
chmod 644 "$LOCAL_APP_PROFILE"
}
# Reload the profile, including any abstraction updates
if [ -x /usr/sbin/aa-status ] && aa-status --enabled 2>/dev/null; then
apparmor_parser -r -T -W "$APP_PROFILE" || true
fi
fi
fi
# End automatically added section
true "INFO: Done with debhelper."
true "
#####################################################################
## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"}
#####################################################################
"
## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0
How to get the Debug Output[edit]
make deb-pkg export DEBDEBUG=1 sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb
Full xtrace during package reinstall[edit]
Package was already installed. Installed it again.
sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb dpkg: warning: downgrading apparmor-profile-sdwdate from 3:2.1-1 to 3:2.0-1 (Reading database ... 152310 files and directories currently installed.) Preparing to replace apparmor-profile-sdwdate 3:2.1-1 (using .../apparmor-profile-sdwdate_2.0-1_all.deb) ... Unpacking replacement apparmor-profile-sdwdate ... +++ type -t errorhandlergeneral ++ '[' '' = function ']' ++ trap error_handler_pre ERR ++ bash -n /usr/lib/pre.bsh ++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postrm ++ own_filename=apparmor-profile-sdwdate.postrm ++ unset skip_script + set -e + true ' ##################################################################### ## INFO: BEGIN: apparmor-profile-sdwdate postrm upgrade' '3:2.0-1 ##################################################################### ' + true 'INFO: debhelper beginning here.' + '[' upgrade = purge ']' + true 'INFO: Done with debhelper.' + true ' ##################################################################### ## INFO: END : apparmor-profile-sdwdate postrm upgrade' '3:2.0-1 ##################################################################### ' + exit 0 Setting up apparmor-profile-sdwdate (3:2.0-1) ... +++ type -t errorhandlergeneral ++ '[' '' = function ']' ++ trap error_handler_pre ERR ++ bash -n /usr/lib/pre.bsh ++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postinst ++ own_filename=apparmor-profile-sdwdate.postinst ++ unset skip_script + set -e + true ' ##################################################################### ## INFO: BEGIN: apparmor-profile-sdwdate postinst configure' '3:2.1-1 ##################################################################### ' + true 'INFO: debhelper beginning here.' + '[' configure = configure ']' + APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate + '[' -f /etc/apparmor.d/usr.bin.sdwdate ']' + LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate + test -e /etc/apparmor.d/local/usr.bin.sdwdate + '[' -x /usr/sbin/aa-status ']' + aa-status --enabled + apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate + true 'INFO: Done with debhelper.' + true ' ##################################################################### ## INFO: END : apparmor-profile-sdwdate postinst configure' '3:2.1-1 ##################################################################### ' + exit 0
Relevant xtrace during package reinstall[edit]
Package was already installed. Installed it again.
+ '[' configure = configure ']' + APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate + '[' -f /etc/apparmor.d/usr.bin.sdwdate ']' + LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate + test -e /etc/apparmor.d/local/usr.bin.sdwdate + '[' -x /usr/sbin/aa-status ']' + aa-status --enabled + apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate + exit 0
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
https [archive] | (forcing) onion [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.