On 8/18/19 2:50 AM, ronpunz wrote:

On 8/17/19 5:30 PM, Chris Laprise wrote:
On 8/17/19 6:27 AM, ronpunz wrote:
Is it recommended to enable AppArmor in TemplateVMs? I note from the Whonix
docs that this can be achieved in dom0 using qvm-prefs -s templatename
kernelopts "nopat apparmor=1 security=apparmor".


I personally recommend doing this for Debian 10 (and Whonix 15, which
is based on it) because that OS enables it by default.

Qubes developers seem to agree, and have an issue for discussing the
best way to make this a default in Qubes:

https://github.com/QubesOS/qubes-issues/issues/4088

Users can manually add those settings to their template VMs, which
will propagate to template-based VMs as long as the latter don't have
custom kernelopts.

The Debian wiki https://wiki.debian.org/AppArmor/HowToUse suggests
installing apparmor-utils, which isn't installed by default in
debian-10. Is this necessary in Qubes?


I'd recommend it if you want to see what profiles are being enforced, or to create new profiles.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
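
Added example, not part of the thread and not Qubes or Whonix code: a shell check, run inside the template or a template-based VM, that the kernelopts quoted above actually reached the kernel and how many profiles are enforced, without needing apparmor-utils. The function names are hypothetical, the sample command line is constructed, and treating a later option as overriding an earlier one is an assumption.

```shell
#!/bin/sh
# Added example: confirm inside a VM that the AppArmor kernelopts took effect.
# File paths are parameters so the functions can run on constructed samples.

# Succeeds if the command line carries apparmor=1 and security=apparmor.
# Assumption: a later occurrence of an option overrides an earlier one.
cmdline_has_apparmor() (
    set -f                                   # no globbing while word-splitting
    aa=0; lsm=0
    for opt in $(cat "${1:-/proc/cmdline}"); do
        case $opt in
            apparmor=1)        aa=1 ;;
            apparmor=*)        aa=0 ;;
            security=apparmor) lsm=1 ;;
            security=*)        lsm=0 ;;
        esac
    done
    [ "$aa" -eq 1 ] && [ "$lsm" -eq 1 ]
)

# Succeeds if the running kernel reports the AppArmor module as enabled.
apparmor_enabled() {
    [ "$(cat "${1:-/sys/module/apparmor/parameters/enabled}" 2>/dev/null)" = "Y" ]
}

# Prints how many loaded profiles are in the given mode (enforce or complain).
# The securityfs listing holds one "name (mode)" entry per line; root only.
count_profiles() {
    grep -c " ($1)\$" "${2:-/sys/kernel/security/apparmor/profiles}" || true
}

# Constructed sample command line (not captured from a real VM).
sample=$(mktemp)
echo 'root=/dev/mapper/dmroot ro nopat apparmor=1 security=apparmor' > "$sample"
cmdline_has_apparmor "$sample" && echo "sample cmdline requests AppArmor"
rm -f "$sample"
```

Called with no path arguments, the functions read the live kernel files; a template-based VM with custom kernelopts is the case where cmdline_has_apparmor is expected to fail.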
