Qubes AppArmor
If you are interested, click on Expand on the right.
Proceed at your own risk!
 |
If considering the use of Tor bridges, be aware that AppArmor has caused problems with obfsproxy in the past. [1] |
The following steps should be completed in dom0 for both whonix-gw and whonix-ws TemplateVMs. After these settings have been applied to the Whonix templates, the sys-whonix (ProxyVM) and anon-whonix (AppVM) will inherit the AppArmor kernel settings. It is unnecessary for users to recreate the sys-whonix and anon-whonix TemplateBasedVMs to benefit from these new kernel parameters.[2] It is also important for users to verify AppArmor is active in the sys-whonix and anon-whonix VMs after making these changes.
Whonix-Gateway
Open a dom0 terminal.
Qubes App Launcher (blue/grey "Q") -> System Tools -> Xfce Terminal
List the current kernel parameters.
For Qubes R3.2, and later releases this will show.
nopat
Keep the existing kernel parameters and add 'apparmor=1 security=apparmor'. For example.
List the current kernel parameters again (hit the up arrow key twice; you don't have to type the command again).
The output should show AppArmor is part of the new kernel parameters. For example.
nopat apparmor=1 security=apparmor
Start the sys-whonix ProxyVM and confirm AppArmor is now active.
The output should show.
0
Whonix-Workstation
Open a dom0 terminal.
Qubes App Launcher (blue/grey "Q") -> System Tools -> Xfce Terminal
List the current kernel parameters.
For Qubes R3.2, and later releases this will show.
nopat
Keep the existing kernel parameters and add 'apparmor=1 security=apparmor'. For example.
List the current kernel parameters again (hit the up arrow key twice; you don't have to type the command again).
The output should show AppArmor is part of the new kernel parameters. For example.
nopat apparmor=1 security=apparmor
Start the anon-whonix AppVM and confirm AppArmor is now active.
The output should show.
0