apparmor issues Whonix 11 / jessie
Closed, Resolved (Public)

Description

(As per https://www.whonix.org/forum/index.php/topic,97.msg8190.html#msg8190.)

This ticket is a reminder to check sudo apt-get install apparmor-profiles-whonix and to fix any eventual issues before the release of Whonix 11.

Details

Impact
Normal

Event Timeline

Patrick created this task. May 17 2015, 10:18 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description.
Patrick added projects: AppArmor, Whonix 11.
Patrick set Impact to Normal.
Patrick added a subscriber: Patrick.

user@host:~$ sudo aa-enforce /etc/apparmor.d/usr.bin.timesync
Traceback (most recent call last):
  File "/usr/sbin/aa-enforce", line 30, in <module>
    tool.cmd_enforce()
  File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 153, in cmd_enforce
    apparmor.read_profiles()
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2572, in read_profiles
    read_profile(profile_dir + '/' + file, True)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2598, in read_profile
    profile_data = parse_profile_data(data, file, 0)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2922, in parse_profile_data
    raise AppArmorException(_('Invalid mode %(mode)s in file: %(file)s line: %(line)s') % {'mode': mode, 'file': file, 'line': lineno + 1 })
apparmor.common.AppArmorException: 'Invalid mode mrcux in file: /etc/apparmor.d/usr.lib.virtualbox.VirtualBox line: 49'

Problematic line in /etc/apparmor.d/usr.lib.virtualbox.VirtualBox.

/usr/lib/virtualbox/** mrcux,

Patrick assigned this task to troubadour. Jun 3 2015, 3:31 PM

Somehow I don't get cux to work. Using /usr/lib/virtualbox/** mrux, now. Non-ideal, but it at least fixes the bigger issue.

fix - https://phabricator.whonix.org/T313:
https://github.com/Whonix/apparmor-profile-virtualbox/commit/d5b72fab6414be8649fa238ef24387bb77442b07

I leave the final fix to @troubadour.

Had the same issue. The mrux or mrix permissions fix the parsing issue, but I'll have to check if that works in the host. I have not used the VirtualBox profile for a long time, and I'm not sure it's working as is in jessie. Not sure either if we should keep this profile in Whonix.

For the time being, we could close this task, and I'll put the VirtualBox profile check in the todo list.

Patrick closed this task as Resolved. Jun 11 2015, 10:21 PM

Alright.