Dev/AppArmor
From Whonix
< Dev
Introduction[edit]
We do enable AppArmor by default since Whonix ™ 9. This is done by the grub-enable-apparmor [archive] package.
A git branch to gather more information:
- https://github.com/Whonix/apparmor-profile-sdwdate/tree/debian-contributor-scripts-debug-output [archive]
- comes with two new files
postrm[edit]
This is the postrm script, that debhelper creates and adds to the package during package build.
#!/bin/bash ## This file is part of {{project_name}}. ## Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP <adrelanos@whonix.org> ## See the file COPYING for copying conditions. if [ -f /usr/lib/pre.bsh ]; then source /usr/lib/pre.bsh fi set -e true " ##################################################################### ## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"} ##################################################################### " true "INFO: debhelper beginning here." # Automatically added by dh_apparmor if [ "$1" = "purge" ]; then rm -f "/etc/apparmor.d/disable/usr.bin.sdwdate" || true rm -f "/etc/apparmor.d/force-complain/usr.bin.sdwdate" || true rm -f "/etc/apparmor.d/local/usr.bin.sdwdate" || true rmdir /etc/apparmor.d/local 2>/dev/null || true fi # End automatically added section true "INFO: Done with debhelper." true " ##################################################################### ## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"} ##################################################################### " ## Explicitly "exit 0", so eventually trapped errors can be ignored. exit 0
postinst[edit]
This is the postinst script, that debhelper creates and adds to the package during package build.
#!/bin/bash ## This file is part of {{project_name}}. ## Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP <adrelanos@whonix.org> ## See the file COPYING for copying conditions. if [ -f /usr/lib/pre.bsh ]; then source /usr/lib/pre.bsh fi set -e true " ##################################################################### ## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"} ##################################################################### " true "INFO: debhelper beginning here." # Automatically added by dh_apparmor if [ "$1" = "configure" ]; then APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate if [ -f "$APP_PROFILE" ]; then # Add the local/ include LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate test -e "$LOCAL_APP_PROFILE" || { tmp=`mktemp` cat <<EOM > "$tmp" # Site-specific additions and overrides for usr.bin.sdwdate. # For more details, please see /etc/apparmor.d/local/README. EOM mkdir `dirname $LOCAL_APP_PROFILE` 2>/dev/null || true mv -f "$tmp" "$LOCAL_APP_PROFILE" chmod 644 "$LOCAL_APP_PROFILE" } # Reload the profile, including any abstraction updates if [ -x /usr/sbin/aa-status ] && aa-status --enabled 2>/dev/null; then apparmor_parser -r -T -W "$APP_PROFILE" || true fi fi fi # End automatically added section true "INFO: Done with debhelper." true " ##################################################################### ## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ${1+"$@"} ##################################################################### " ## Explicitly "exit 0", so eventually trapped errors can be ignored. exit 0
How to get the Debug Output[edit]
make deb-pkg export DEBDEBUG=1 sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb
Full xtrace during package reinstall[edit]
Package was already installed. Installed it again.
sudo -E dpkg -i ../apparmor-profile-sdwdate_2.0-1_all.deb dpkg: warning: downgrading apparmor-profile-sdwdate from 3:2.1-1 to 3:2.0-1 (Reading database ... 152310 files and directories currently installed.) Preparing to replace apparmor-profile-sdwdate 3:2.1-1 (using .../apparmor-profile-sdwdate_2.0-1_all.deb) ... Unpacking replacement apparmor-profile-sdwdate ... +++ type -t errorhandlergeneral ++ '[' '' = function ']' ++ trap error_handler_pre ERR ++ bash -n /usr/lib/pre.bsh ++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postrm ++ own_filename=apparmor-profile-sdwdate.postrm ++ unset skip_script + set -e + true ' ##################################################################### ## INFO: BEGIN: apparmor-profile-sdwdate postrm upgrade' '3:2.0-1 ##################################################################### ' + true 'INFO: debhelper beginning here.' + '[' upgrade = purge ']' + true 'INFO: Done with debhelper.' + true ' ##################################################################### ## INFO: END : apparmor-profile-sdwdate postrm upgrade' '3:2.0-1 ##################################################################### ' + exit 0 Setting up apparmor-profile-sdwdate (3:2.0-1) ... +++ type -t errorhandlergeneral ++ '[' '' = function ']' ++ trap error_handler_pre ERR ++ bash -n /usr/lib/pre.bsh ++ bash -n /var/lib/dpkg/info/apparmor-profile-sdwdate.postinst ++ own_filename=apparmor-profile-sdwdate.postinst ++ unset skip_script + set -e + true ' ##################################################################### ## INFO: BEGIN: apparmor-profile-sdwdate postinst configure' '3:2.1-1 ##################################################################### ' + true 'INFO: debhelper beginning here.' + '[' configure = configure ']' + APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate + '[' -f /etc/apparmor.d/usr.bin.sdwdate ']' + LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate + test -e /etc/apparmor.d/local/usr.bin.sdwdate + '[' -x /usr/sbin/aa-status ']' + aa-status --enabled + apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate + true 'INFO: Done with debhelper.' + true ' ##################################################################### ## INFO: END : apparmor-profile-sdwdate postinst configure' '3:2.1-1 ##################################################################### ' + exit 0
Relevant xtrace during package reinstall[edit]
Package was already installed. Installed it again.
+ '[' configure = configure ']' + APP_PROFILE=/etc/apparmor.d/usr.bin.sdwdate + '[' -f /etc/apparmor.d/usr.bin.sdwdate ']' + LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.bin.sdwdate + test -e /etc/apparmor.d/local/usr.bin.sdwdate + '[' -x /usr/sbin/aa-status ']' + aa-status --enabled + apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate + exit 0
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
Do you wonder why Whonix ™ will always be free? Check out Why Whonix ™ is Freedom Software.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.