Apparmor and Qubes kernel question

Hey everyone, so I’m creating an AppArmor profile to make every Debian VM safer for everyone using a Debian template: dkzkz/apparmor-qubes: Apparmor profile for debian template in Qubes - Codeberg.org

I tested loading every profile in my repository in the Qubes kernel by doing apparmor_parser -r see and it works great without any issue at this time.

But… I’d like to know something: what exactly could happen if Qubes updates the Qubes kernel for the VM? Will the Qubes kernel update remove the profile inside the current debian-13 kernel? It’s unclear to me whether a Qubes kernel update will break the VM or not, and in that case I must find something to do about that.

I don’t know if I was clear enough, I hope so…

The only way to find out is by testing. Think like a QA person, do the “negative tests” and “positive tests” (in QA terminology) that come to your mind.

Some users have a “non stock” kernel configuration and run kernels built when kernel patches are released (probably not built on the same machine that Qubes runs on). Users that have this usually don’t run the same kernel for each qube or dom0.
