diff --git a/apparmor.d/tunables/home.d/whonix b/apparmor.d/tunables/home.d/whonix
index e4272800..f462036f 100644
--- a/apparmor.d/tunables/home.d/whonix
+++ b/apparmor.d/tunables/home.d/whonix
@@ -1,6 +1,72 @@
 # apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2012-2023 ENCRYPTED SUPPORT LP
 # Copyright (C) 2023-2024 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
-alias /usr/bin/apt -> /usr/bin/apt.anondist,
-alias /usr/bin/apt -> /usr/bin/apt.anondist-orig,
+# Whonix aliases copied here as they conflict with apparmor.d
+# Note: only installed on Whonix
+
+alias /usr/bin/apt-get -> /usr/bin/apt-get.anondist-orig,
+alias /usr/bin/apt-get -> /usr/bin/apt-get.anondist,
+alias /usr/bin/aptitude -> /usr/bin/aptitude.anondist-orig,
+alias /usr/bin/aptitude -> /usr/bin/aptitude.anondist,
+alias /usr/bin/curl -> /usr/bin/curl.anondist-orig,
+alias /usr/bin/curl -> /usr/bin/curl.anondist,
+alias /usr/bin/git -> /usr/bin/git.anondist-orig,
+alias /usr/bin/git -> /usr/bin/git.anondist,
+alias /usr/bin/gpg -> /usr/bin/gpg.anondist-orig,
+alias /usr/bin/gpg -> /usr/bin/gpg.anondist,
+alias /usr/bin/mixmaster-update -> /usr/bin/mixmaster-update.anondist-orig,
+alias /usr/bin/mixmaster-update -> /usr/bin/mixmaster-update.anondist,
+alias /usr/bin/onionshare -> /usr/bin/onionshare.anondist-orig,
+alias /usr/bin/onionshare -> /usr/bin/onionshare.anondist,
+alias /usr/bin/onionshare-gui -> /usr/bin/onionshare-gui.anondist-orig,
+alias /usr/bin/onionshare-gui -> /usr/bin/onionshare-gui.anondist,
+alias /usr/bin/rawdog -> /usr/bin/rawdog.anondist-orig,
+alias /usr/bin/rawdog -> /usr/bin/rawdog.anondist,
+alias /usr/bin/ricochet -> /usr/bin/ricochet.anondist-orig,
+alias /usr/bin/ricochet -> /usr/bin/ricochet.anondist,
+alias /usr/bin/ssh -> /usr/bin/ssh.anondist-orig,
+alias /usr/bin/ssh -> /usr/bin/ssh.anondist,
+alias /usr/bin/tor -> /usr/bin/tor.anondist-orig,
+alias /usr/bin/tor -> /usr/bin/tor.anondist,
+alias /usr/bin/wget -> /usr/bin/wget.anondist-orig,
+alias /usr/bin/wget -> /usr/bin/wget.anondist,
+alias /usr/bin/yum -> /usr/bin/yum.anondist-orig,
+alias /usr/bin/yum -> /usr/bin/yum.anondist,
+alias /usr/bin/yumdownloader -> /usr/bin/yumdownloader.anondist-orig,
+alias /usr/bin/yumdownloader -> /usr/bin/yumdownloader.anondist,
+alias /usr/sbin/tor -> /usr/sbin/tor.anondist-orig,
+alias /usr/sbin/tor -> /usr/sbin/tor.anondist,
+
+alias /usr/share/tor/tor-service-defaults-torrc -> /usr/share/tor/tor-service-defaults-torrc.anondist-orig,
+alias /usr/share/tor/tor-service-defaults-torrc -> /usr/share/tor/tor-service-defaults-torrc.anondist,
+
+alias /etc/default/tor -> /etc/default/tor.anondist-orig,
+alias /etc/default/tor -> /etc/default/tor.anondist,
+alias /etc/hostname -> /etc/hostname.anondist-orig,
+alias /etc/hostname -> /etc/hostname.anondist,
+alias /etc/hostname -> /etc/hostname.whonix-orig,
+alias /etc/hostname -> /etc/hostname.whonix,
+alias /etc/hosts -> /etc/hosts.anondist-orig,
+alias /etc/hosts -> /etc/hosts.anondist,
+alias /etc/hosts -> /etc/hosts.whonix-orig,
+alias /etc/hosts -> /etc/hosts.whonix,
+alias /etc/init.d/tor -> /etc/init.d/tor.anondist-orig,
+alias /etc/init.d/tor -> /etc/init.d/tor.anondist,
+alias /etc/issue -> /etc/issue.whonix,
+alias /etc/localtime -> /etc/localtime.anondist-orig,
+alias /etc/localtime -> /etc/localtime.anondist,
+alias /etc/motd -> /etc/motd.whonix,
+alias /etc/resolv.conf -> /etc/resolv.conf.anondist-orig,
+alias /etc/resolv.conf -> /etc/resolv.conf.anondist,
+alias /etc/resolv.conf -> /etc/resolv.conf.kicksecure-orig,
+alias /etc/resolv.conf -> /etc/resolv.conf.kicksecure,
+alias /etc/resolv.conf -> /etc/resolv.conf.whonix-orig,
+alias /etc/resolv.conf -> /etc/resolv.conf.whonix,
+alias /etc/rinetd.conf -> /etc/rinetd.conf.anondist-orig,
+alias /etc/rinetd.conf -> /etc/rinetd.conf.anondist,
+alias /etc/timezone -> /etc/timezone.anondist-orig,
+alias /etc/timezone -> /etc/timezone.anondist,
+alias /etc/tor/torrc -> /etc/tor/torrc.anondist-orig,
+alias /etc/tor/torrc -> /etc/tor/torrc.anondist,
diff --git a/pkg/prebuild/prebuild.go b/pkg/prebuild/prebuild.go
index b56644eb..4553156c 100644
--- a/pkg/prebuild/prebuild.go
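Review bot: The two `alias /usr/bin/apt -> …` lines are removed and the new list has no entry for `/usr/bin/apt`, only for `apt-get` and `aptitude`. If Whonix still installs `/usr/bin/apt.anondist` or `/usr/bin/apt.anondist-orig`, rules written for `/usr/bin/apt` would no longer cover the renamed binary, so it is worth confirming that the drop is intended or re-adding `alias /usr/bin/apt -> /usr/bin/apt.anondist-orig,` and `alias /usr/bin/apt -> /usr/bin/apt.anondist,`. The header comment could also name the Whonix files the list was copied from, so that later drift between the two copies can be checked.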
+++ b/pkg/prebuild/prebuild.go
@@ -37,6 +37,19 @@ func init() {
 builder.Register("abi3")
 cfg.Overwrite.Enabled = true
 }
+ case "whonix":
+ cfg.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure
+/etc/apparmor.d/home.tor-browser.firefox
+/etc/apparmor.d/tunables/home.d/anondist
+/etc/apparmor.d/tunables/home.d/live-mode
+/etc/apparmor.d/tunables/home.d/qubes-whonix-anondist
+/etc/apparmor.d/usr.bin.hexchat
+/etc/apparmor.d/usr.bin.sdwdate
+/etc/apparmor.d/usr.bin.systemcheck
+/etc/apparmor.d/usr.bin.timesanitycheck
+/etc/apparmor.d/usr.bin.url_to_unixtime
+/etc/apparmor.d/whonix-firewall
+`
 }
 }
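Review bot: The `cfg.Hide +=` literal in the new `case "whonix":` branch starts directly with the first path, so it relies on the existing value of `cfg.Hide` ending in a newline; if it does not, `/etc/apparmor.d/abstractions/base.d/kicksecure` would be glued onto the previous entry and neither path would be matched. The initial value is set outside this hunk (`init` begins before it), so either confirm that, or start the literal with a line break if the consumer tolerates empty lines. A short comment above the assignment, such as `// Whonix-shipped profiles and tunables that conflict with apparmor.d; each needs a replacement here`, would also help. The list covers sdwdate, systemcheck and whonix-firewall, and hiding one of them without an equivalent profile would presumably leave that program without confinement.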