On 8/17/19 5:30 PM, Chris Laprise wrote:
> On 8/17/19 6:27 AM, ronpunz wrote:
>> Is it recommended to enable Apparmor in TemplateVM's? I note from whonix
>> docs that this can be achieved in dom0 using qvm-prefs -s templatename
>> kernelopts "nopat apparmor=1 security=apparmor".
>>
>
> I personally recommend doing this for Debian 10 (and Whonix 15, which
> is based on it) because that OS enables it by default.
>
> Qubes developers seem to agree, and have an issue for discussing the
> best way to make this a default in Qubes:
>
>
https://github.com/QubesOS/qubes-issues/issues/4088
>
> Users can manually add those settings to their template VMs, which
> will propagate to template-based VMs as long as the latter don't have
> custom kernelopts.
>
debian-10. Is this necessary in Qubes?