Page MenuHomePhabricator
Feed Advanced Search

Sat, Apr 6

Patrick renamed T606: merge /etc/apparmor.d/abstractions/base.anondist from Debian bullseye from merge /etc/apparmor.d/abstractions/base.anondist from Debian buster to merge /etc/apparmor.d/abstractions/base.anondist from Debian bullseye.
Sat, Apr 6, 4:34 PM · Debian version 11 codename Bullseye, AppArmor, Whonix

Mar 7 2018

Patrick closed T557: no longer install apparmor-notify by default as Resolved.
Mar 7 2018, 1:08 AM · user documentation, usability, AppArmor, Whonix, Whonix 14

Feb 6 2018

Patrick removed a project from T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch: Debian version 9 codename Stretch.
Feb 6 2018, 1:03 AM · systemd, AppArmor, research, user documentation, enhancement, circumvention, Whonix

Sep 8 2017

JasonJAyalaP closed T676: fix obfs4proxy AppArmor issue in Whonix 14 as Resolved.
Sep 8 2017, 1:54 AM · Whonix 14, Whonix, AppArmor, circumvention

Sep 6 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Ah I see.

Sep 6 2017, 8:23 PM · Whonix 14, Whonix, AppArmor, circumvention

Sep 5 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

I changed it to
NoNewPrivileges=No
That's the only thing I can imagine that would be causing that parsing error. Testing now

> torproject's stretch repository [1] does not contain tor_0.3.1.5 yet.

Once TPOs stretch repo contains the latest, this workaround will no longer be needed, correct?
Sep 5 2017, 12:04 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

with =no, I'm no longer getting the parsing error

sudo journalctl | grep workaround

but /lib/systemd/system/tor@default.service is unaffected

# Hardening
AppArmorProfile=system_tor
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
...
Sep 5 2017, 11:56 AM · Whonix 14, Whonix, AppArmor, circumvention

Sep 4 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

with =no, I'm no longer getting the parsing error

Sep 4 2017, 11:29 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

I changed it to
NoNewPrivileges=No
That's the only thing I can imagine that would be causing that parsing error. Testing now

Sep 4 2017, 11:11 PM · Whonix 14, Whonix, AppArmor, circumvention

Sep 3 2017

Patrick reopened T676: fix obfs4proxy AppArmor issue in Whonix 14 as "Open".
Sep 3 2017, 2:12 PM · Whonix 14, Whonix, AppArmor, circumvention

Jul 6 2017

Patrick added a comment to T662: AppArmor & FoxyProxy denied message.

Thanks for updating me! No, then this needs to be removed. And the sandboxed tor browser chanter moved to https://www.whonix.org/wiki/Deprecated.

Jul 6 2017, 6:21 PM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

According to their wiki that you linked to: "Active development is on indefinite hiatus." Do you still want FP to talk about and link to that?

Jul 6 2017, 6:09 PM · Whonix, AppArmor, Whonix 14
JasonJAyalaP closed T676: fix obfs4proxy AppArmor issue in Whonix 14 as Resolved.
Jul 6 2017, 5:57 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a project to T676: fix obfs4proxy AppArmor issue in Whonix 14: Whonix 14.

Please keep the Whonix 14 tag. I guess this can be closed, resolved?

Jul 6 2017, 2:35 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

Ok I created the workaround as you described:

https://github.com/Whonix/anon-gw-anonymizer-config/commit/bfe28e340d03cc4d77e4f49e24bcc0a9da42da06
Jul 6 2017, 2:28 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T662: AppArmor & FoxyProxy denied message.

After FoxyProxy is installed, you may see an app-armory warning you

about the denied creation of dconf/user. The current Debian profile for
Firefox does not yet include the modern temporary file location /run/user.

Jul 6 2017, 2:13 PM · Whonix, AppArmor, Whonix 14
Patrick added a comment to T662: AppArmor & FoxyProxy denied message.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

@Patrick 
the FP template says "Tor Browser will soon ship with sandboxing on an opt-in basis." Wasn't this rejected?
Jul 6 2017, 2:12 PM · Whonix, AppArmor, Whonix 14
Patrick added a comment to T662: AppArmor & FoxyProxy denied message.

JasonJAyalaP (Jason J. Ayala P.):

the FP template says "Tor Browser will soon ship with sandboxing on an opt-in basis." Wasn't this rejected?
Jul 6 2017, 2:09 PM · Whonix, AppArmor, Whonix 14
JasonJAyalaP removed a project from T676: fix obfs4proxy AppArmor issue in Whonix 14: Whonix 14.
Jul 6 2017, 12:25 AM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Debian bug report:

Jul 6 2017, 12:25 AM · Whonix 14, Whonix, AppArmor, circumvention

Jul 5 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Ok I created the workaround as you described:
https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/lib/systemd/system/tor@default.service.d/40_obfs4proxy-workaround.conf

Jul 5 2017, 11:36 PM · Whonix 14, Whonix, AppArmor, circumvention

Jul 4 2017

JasonJAyalaP closed T662: AppArmor & FoxyProxy denied message as Resolved.
Jul 4 2017, 11:28 PM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

@Patrick
the FP template says "Tor Browser will soon ship with sandboxing on an opt-in basis." Wasn't this rejected?

Jul 4 2017, 11:14 PM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

Reported but to app armor:
https://bugs.launchpad.net/apparmor/+bug/1702360

Jul 4 2017, 11:11 PM · Whonix, AppArmor, Whonix 14

Jul 1 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

Two things work:

  1. Changing obfs4 execution permission in system_tor apparmor profile (abstractions/tor) from PUx to ix.
  2. Keeping PUx but removing "NoNewPrivileges" from tor@default systemd service (/lib/systemd/system)
Jul 1 2017, 11:57 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T662: AppArmor & FoxyProxy denied message.

JasonJAyalaP (Jason J. Ayala P.):

But it should be apart of abstractions/user-tmp. Are you comfortable doing this, Patrick?
Jul 1 2017, 10:42 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

I really think that "access to the temp folder" should be a basic AA allowance. In fact, it is right now with #include user-tmp. However, user-tmp is so old (I'm guessing) it doesn't have /run/user/[0-9]/**

Jul 1 2017, 3:51 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

Ok, the line should be:

Jul 1 2017, 3:48 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP reopened T662: AppArmor & FoxyProxy denied message as "Open".

I get the message after a reboot.

Jul 1 2017, 3:27 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP closed T662: AppArmor & FoxyProxy denied message as Resolved.

Ok. I added the commented line to home.tor-browser.firefox

Jul 1 2017, 2:56 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Two things work:

Jul 1 2017, 2:42 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 30 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Pux (already Tor's default) is alright.

Jun 30 2017, 12:44 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T662: AppArmor & FoxyProxy denied message.

Ahh I see. I can setup i2p/freenet/zeronet and use FP to go through that.

I got zeronet working and browsing around. Latest aa profiles, aa-notify -p, journctl -f

No denied messages.

Jun 30 2017, 12:15 PM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

Ahh I see. I can setup i2p/freenet/zeronet and use FP to go through that.

Jun 30 2017, 5:28 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

I commented out the lines in local/system_tor about obfsproxy. This caused obfsproxy to fail. Changing obfsproxy to rix didn't work. But I'm confused at what I'm seeing, and so I'm still looking at it.

Jun 30 2017, 3:57 AM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Comment that and obfs4proxy can run as PUx (instead of needing ix)

Jun 30 2017, 3:38 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 29 2017

Patrick closed T651: Tor Browser 7.0a2 broken in stretch based Whonix 14 - <jemalloc>: Corrupt redzone 0 bytes after 0x7f0503ede9d0 (size 80), byte=0x0, a subtask of T662: AppArmor & FoxyProxy denied message, as Resolved.
Jun 29 2017, 5:31 PM · Whonix, AppArmor, Whonix 14
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

To save you from somehow learning about systemd overrides the hard way...

Jun 29 2017, 2:34 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

In this case, a /local file can probably not do the trick.

Jun 29 2017, 2:30 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Ah. I didn't see the include. Makes sense.

Jun 29 2017, 2:14 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T662: AppArmor & FoxyProxy denied message.

A local proxy should do. Use any of these guides.

Jun 29 2017, 2:08 PM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Ah. I didn't see the include. Makes sense.

Jun 29 2017, 3:26 AM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

Do you got a proxy I can configure it to use? Still waiting for him to reply.

Jun 29 2017, 3:18 AM · Whonix, AppArmor, Whonix 14
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

/etc/apparmor.d/system_tor after #include <abstractions/tor> and #include <local/system_tor> will be interpreted like the following, I think:

Jun 29 2017, 3:01 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

But what I really don't know is how system_tor interacts with abstractions/

Jun 29 2017, 2:55 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T662: AppArmor & FoxyProxy denied message.
I cant get latest FP on latest TB to actually use that file (and generate an error). I'm not sure what torjunkie does to trigger it.
Jun 29 2017, 2:45 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

FP replied

Sorry, but we have no idea what dconf/settings is. FoxyProxy does not read or write to such a file

Jun 29 2017, 2:19 AM · Whonix, AppArmor, Whonix 14
Patrick added a comment to T662: AppArmor & FoxyProxy denied message.
owner /run/user/[0-9]*/dconf/user rw
Jun 29 2017, 2:14 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

What do the other AA profiles do with the /run/user/1000? We give them access to 1000/APPNAME only?

Jun 29 2017, 1:08 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

I opened a ticket on the FoxyProxy system:

Jun 29 2017, 1:00 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T662: AppArmor & FoxyProxy denied message.

Probably hasn't solved itself.

You told him it wasn't a problem. But if you think it's worth it, alright.

Jun 29 2017, 12:00 AM · Whonix, AppArmor, Whonix 14

Jun 28 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

AA doesn't report a denied message when tor tries to launch obfs4. However:

Jun 28 2017, 11:55 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick reopened T662: AppArmor & FoxyProxy denied message as "Open".

Probably hasn't solved itself. This bug report presupposes quite a lot knowledge, isn't well described. Reproduction isn't obvious since it has two prerequisites. To explain what this is about and required for reproduction:

Jun 28 2017, 12:34 AM · Whonix, AppArmor, Whonix 14

Jun 27 2017

JasonJAyalaP closed T662: AppArmor & FoxyProxy denied message as Resolved.

I'll talk with torjunkie in the forum. I'll close this ticket because it's not a whonix 14 blocker, and every AA fix can't have its own ticket

Jun 27 2017, 7:34 PM · Whonix, AppArmor, Whonix 14

Jun 26 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Yes. Because the other solution "not use AppArmor for Tor" is not a great one. It worked in Whonix 13, just needs to be fixed for Whonix 14.

Jun 26 2017, 1:37 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

To be clear:
Tor ships a broken apparmor profile (for the last 5 years? Suggested nuke of the profile 3 years ago), and we're trying to unbreak obfs4, correct?

Jun 26 2017, 11:40 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

/etc/apparmor.d/system_tor is unmodified, owned by Debian tor packabe. /etc/apparmor.d/system_tor Will #include <local/system_tor>.

Jun 26 2017, 10:58 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Which app armor profile is blocking obfs4?

Jun 26 2017, 10:53 AM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP updated the task description for T662: AppArmor & FoxyProxy denied message.
Jun 26 2017, 10:50 AM · Whonix, AppArmor, Whonix 14
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Which app armor profile is blocking obfs4? Something from us or an apparmor profile that comes from tpo?

Jun 26 2017, 10:33 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 22 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

That's why we need to sort it out in https://github.com/Whonix/apparmor-profile-anondist/blob/master/etc/apparmor.d/abstractions/base.anondist somehow.

Jun 22 2017, 12:09 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Tor's own app armor profile breaks needed features (obs4). The ticket is 4 years old with no progress. Even they complained about needed to resolve or remove it (years ago).

Jun 22 2017, 2:28 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 16 2017

JasonJAyalaP added a subtask for T662: AppArmor & FoxyProxy denied message: T651: Tor Browser 7.0a2 broken in stretch based Whonix 14 - <jemalloc>: Corrupt redzone 0 bytes after 0x7f0503ede9d0 (size 80), byte=0x0.
Jun 16 2017, 5:18 AM · Whonix, AppArmor, Whonix 14

Jun 5 2017

Patrick updated the task description for T676: fix obfs4proxy AppArmor issue in Whonix 14.
Jun 5 2017, 2:47 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick renamed T676: fix obfs4proxy AppArmor issue in Whonix 14 from test obfs4proxy in Whonix 14 to fix obfs4proxy AppArmor issue in Whonix 14.
Jun 5 2017, 2:45 PM · Whonix 14, Whonix, AppArmor, circumvention

Jun 3 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

You're right. /var/run/tor/log reports
"Could not launch managed proxy executable /usr/bin/obfs4proxy Operation not permitted"

Jun 3 2017, 7:17 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Is the obfs4proxy package installed? Probably yes.

Jun 3 2017, 3:19 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

I was trying obfs4proxy in whonix-gateway. I editted the torrc to UseBridges 1 and added the Client Transport line (note, torrc.examples says to add "managed" at the end; https://github.com/Yawning/obfs4 does not). I then added bridges from tpo (bridge obfs4 ip ... ).
Whonixcheck reports WARNING can't connect to bridge REASON=PT_MISSING
PT_Missing is an error from stem: "no pluggable transport was available"

Jun 3 2017, 1:31 AM · Whonix 14, Whonix, AppArmor, circumvention

May 16 2017

Patrick created T676: fix obfs4proxy AppArmor issue in Whonix 14.
May 16 2017, 4:06 PM · Whonix 14, Whonix, AppArmor, circumvention

May 5 2017

Patrick closed T672: Tor Browser 7.0a3 apparmor fixes as Resolved.

https://github.com/Whonix/apparmor-profile-torbrowser/commit/9032e909c2b10e20ecf104d4eb1acc120df167d1

May 5 2017, 4:15 PM · Whonix 14, Whonix 13, AppArmor, Whonix
Patrick created T672: Tor Browser 7.0a3 apparmor fixes.
May 5 2017, 4:12 PM · Whonix 14, Whonix 13, AppArmor, Whonix

Apr 27 2017

Patrick created T662: AppArmor & FoxyProxy denied message.
Apr 27 2017, 8:05 PM · Whonix, AppArmor, Whonix 14

Feb 23 2017

Patrick closed T568: Pidgin Apparmor Profile Removal as Resolved.

https://github.com/Whonix/Whonix/commit/692b29b15aa33fc5b0c431d6bf0f3c2d5c1242fd

Feb 23 2017, 5:02 PM · Whonix 14, Whonix, AppArmor
Patrick edited projects for T568: Pidgin Apparmor Profile Removal, added: Whonix 14; removed Whonix 15.
Feb 23 2017, 5:02 PM · Whonix 14, Whonix, AppArmor

Feb 11 2017

Patrick updated the task description for T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch.
Feb 11 2017, 7:01 AM · systemd, AppArmor, research, user documentation, enhancement, circumvention, Whonix
Patrick removed a project from T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch: Whonix 14.

Not easy. Need to wait for reply from TPO.

Feb 11 2017, 7:00 AM · systemd, AppArmor, research, user documentation, enhancement, circumvention, Whonix
Patrick updated the task description for T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch.
Feb 11 2017, 6:57 AM · systemd, AppArmor, research, user documentation, enhancement, circumvention, Whonix
Patrick updated the task description for T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch.
Feb 11 2017, 6:53 AM · systemd, AppArmor, research, user documentation, enhancement, circumvention, Whonix

Jan 18 2017

Patrick renamed T606: merge /etc/apparmor.d/abstractions/base.anondist from Debian bullseye from merge /etc/apparmor.d/abstractions/base.anondist from Debian stretch to merge /etc/apparmor.d/abstractions/base.anondist from Debian buster.
Jan 18 2017, 7:42 AM · Debian version 11 codename Bullseye, AppArmor, Whonix
Patrick added a project to T355: understand / consider systemd ApparmorProfile= option: Whonix 14.
Jan 18 2017, 6:59 AM · Whonix 14, Whonix, systemd, Debian version 9 codename Stretch, AppArmor

Jan 15 2017

Patrick created T606: merge /etc/apparmor.d/abstractions/base.anondist from Debian bullseye.
Jan 15 2017, 7:52 AM · Debian version 11 codename Bullseye, AppArmor, Whonix

Oct 11 2016

Patrick changed the status of T557: no longer install apparmor-notify by default from Open to Review.

https://github.com/Whonix/anon-meta-packages/commit/4385dbdd54f68b0855cbc20574b9faa2d2f8a83e

Oct 11 2016, 8:24 PM · user documentation, usability, AppArmor, Whonix, Whonix 14
Patrick renamed T557: no longer install apparmor-notify by default from no longer install aa-notify by default to no longer install apparmor-notify by default.
Oct 11 2016, 8:23 PM · user documentation, usability, AppArmor, Whonix, Whonix 14

Oct 4 2016

HulaHoop renamed T568: Pidgin Apparmor Profile Removal from Pidgin Apparmor Proifle Removal to Pidgin Apparmor Profile Removal.
Oct 4 2016, 12:28 AM · Whonix 14, Whonix, AppArmor
HulaHoop renamed T568: Pidgin Apparmor Profile Removal from Pidgin Apparmor Porifle Removal to Pidgin Apparmor Proifle Removal.
Oct 4 2016, 12:27 AM · Whonix 14, Whonix, AppArmor
HulaHoop created T568: Pidgin Apparmor Profile Removal.
Oct 4 2016, 12:27 AM · Whonix 14, Whonix, AppArmor

Sep 18 2016

Patrick created T557: no longer install apparmor-notify by default.
Sep 18 2016, 2:04 PM · user documentation, usability, AppArmor, Whonix, Whonix 14

Jun 27 2016

Patrick closed T152: profile rule deduplication of apparmor-profile-sdwdate and apparmor-profile-timesync by creating an sdwdate AppArmor abstraction file as Resolved.

timesync and apparmor-profile-timesync were deprecated so this task in invalid.

Jun 27 2016, 7:00 PM · refactoring, Whonix, AppArmor
Patrick assigned T152: profile rule deduplication of apparmor-profile-sdwdate and apparmor-profile-timesync by creating an sdwdate AppArmor abstraction file to troubadour.
Jun 27 2016, 7:00 PM · refactoring, Whonix, AppArmor

Apr 29 2016

Patrick closed T40: consider transition from XChat to HexChat as Resolved.
Apr 29 2016, 6:57 AM · Whonix 13, AppArmor, Whonix, xchat-improved-privacy
Patrick closed T201: install apparmor profiles for software developed under the Whonix umbrella by default as Resolved.
Apr 29 2016, 5:49 AM · Whonix 13, easy, Whonix, AppArmor

Apr 28 2016

Patrick closed T314: solve apparmor-profile-pidgin vs apparmor-profiles conflict as Resolved.
ls -la /etc/apparmor.d/usr.bin.pidgin*
-rw-r--r-- 1 root root 2155 Oct 19  2014 /etc/apparmor.d/usr.bin.pidgin.dpkg-new
Apr 28 2016, 3:55 AM · Whonix 13, bug, Whonix, AppArmor
Patrick added a comment to T40: consider transition from XChat to HexChat.

https://github.com/Whonix/qubes-whonix/commit/ce2a36ebab3a645e70e4a9b49cab707583d5e518
https://github.com/Whonix/qubes-whonix/commit/d352376bdef192607d2d50bf6099e20f66f70db2

Apr 28 2016, 2:01 AM · Whonix 13, AppArmor, Whonix, xchat-improved-privacy

Apr 26 2016

Patrick added a comment to T40: consider transition from XChat to HexChat.

https://github.com/Whonix/whonix-ws-irc-chat-support/commit/ad98f8b66bf1e2b8c1cb8b1425330748a69acde0
https://github.com/Whonix/xchat-improved-privacy/commit/d91d06969170d704eba214faaeadf52c551b9143
https://github.com/Whonix/xchat-improved-privacy/commit/6bc6d90e1ba400f831536208ac0b317954e556bb

Apr 26 2016, 11:01 PM · Whonix 13, AppArmor, Whonix, xchat-improved-privacy

Feb 10 2016

Patrick placed T355: understand / consider systemd ApparmorProfile= option up for grabs.
Feb 10 2016, 1:40 AM · Whonix 14, Whonix, systemd, Debian version 9 codename Stretch, AppArmor
Patrick closed T355: understand / consider systemd ApparmorProfile= option as Resolved.

T355#5608 should be a good enough summary. And done. Nothing left to do here.

Feb 10 2016, 1:40 AM · Whonix 14, Whonix, systemd, Debian version 9 codename Stretch, AppArmor
Patrick renamed T355: understand / consider systemd ApparmorProfile= option from systemd ApparmorProfile= option to understand / consider systemd ApparmorProfile= option.
Feb 10 2016, 1:38 AM · Whonix 14, Whonix, systemd, Debian version 9 codename Stretch, AppArmor
Patrick added a comment to T355: understand / consider systemd ApparmorProfile= option.

A related issue....
systemd AppArmorProfile= directive unavailable leads to not loading AppArmor profile on Debian jessie:

Feb 10 2016, 1:38 AM · Whonix 14, Whonix, systemd, Debian version 9 codename Stretch, AppArmor

Jan 21 2016

Patrick changed the status of T314: solve apparmor-profile-pidgin vs apparmor-profiles conflict from Open to Review.

TODO testing:

Jan 21 2016, 9:48 PM · Whonix 13, bug, Whonix, AppArmor

Jan 20 2016

Patrick changed the status of T201: install apparmor profiles for software developed under the Whonix umbrella by default from Open to Review.
Jan 20 2016, 7:20 PM · Whonix 13, easy, Whonix, AppArmor