I tested loading every profile in my repository in the Qubes kernel by doing apparmor_parser -r see and it works great without any issue at this time.
But… I’d like to know something: what exactly could happen if Qubes updates the Qubes kernel for the VM? Will the Qubes kernel update remove the profile inside the current debian-13 kernel? It’s unclear to me if a Qubes kernel update will break the VM or not, and in this case I must find something to do about that.
The only way to find out is by testing. Think like a QA person, do the “negative tests” and “positive tests” (in QA terminology) that come to your mind.
Some users have a “non stock” kernel configuration and run kernels built when kernel patches are released (probably not built on the same machine that Qubes runs on). Users that have this usually don’t run the same kernel for each qube or dom0.
Thanks for the idea. I switched the current kernel of the VM to an old Qubes kernel version and it works completely fine; the AppArmor profile is still loaded in the kernel. But I don’t understand how that is possible. I need to talk with an AppArmor specialist or a Qubes dev about that. But this scenario was not really what I wanted; I will install a kernel in dom0 and see what happens for my VM.
Run zcat /proc/config.gz > kernelconfig.txt on each kernel and compare the output.
Sounds like you haven’t run cd /usr/src/linux && make menuconfig before. This is part of the Gentoo Handbook.
If you are already so involved with AppArmor that you take note of what Linux kernels have configurations that line up with what you are trying to do with AppArmor, you are prepared to get your feet wet with the Linux process.
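
The config comparison suggested in the thread can be narrowed to the options that decide whether AppArmor is built in and active by default. The script below is an added example, not part of any post here; the function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare only the AppArmor/LSM options of two kernel configs.

# Print the LSM-related options of one config as sorted OPTION=value lines.
# "# CONFIG_X is not set" is normalised to CONFIG_X=n so it can be compared.
lsm_options() {
    sed -n -e 's/^# \(CONFIG_[A-Z0-9_]*\) is not set$/\1=n/' -e '/^CONFIG_/p' "$1" |
        grep -E '^CONFIG_(SECURITY_APPARMOR[A-Z0-9_]*|LSM|DEFAULT_SECURITY[A-Z0-9_]*|SECURITY|AUDIT)=' |
        sort
}

# Print "OPTION: old -> new" for every LSM option that differs between configs.
compare_lsm_config() {
    { lsm_options "$1" | sed 's/^/old /'; lsm_options "$2" | sed 's/^/new /'; } |
        awk '{
            side = $1; line = substr($0, 5); eq = index(line, "=")
            key = substr(line, 1, eq - 1)
            val[side, key] = substr(line, eq + 1); keys[key] = 1
        }
        END {
            for (k in keys) {
                o = (("old", k) in val) ? val["old", k] : "(absent)"
                n = (("new", k) in val) ? val["new", k] : "(absent)"
                if (o != n) print k ": " o " -> " n
            }
        }' | sort
}

# Constructed sample configs (not taken from any real Qubes or Debian kernel).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/a.txt" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_LSM="landlock,lockdown,yama,integrity,apparmor"
CONFIG_AUDIT=y
CONFIG_EXT4_FS=y
EOF
    cat > "$dir/b.txt" <<'EOF'
CONFIG_SECURITY=y
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_LSM="landlock,lockdown,yama,integrity,selinux"
CONFIG_AUDIT=y
CONFIG_EXT4_FS=m
EOF
    compare_lsm_config "$dir/a.txt" "$dir/b.txt"
    rm -rf "$dir"
}

if [ "$#" -eq 2 ]; then compare_lsm_config "$1" "$2"; else demo; fi
```

Pass two files produced by the zcat command above as arguments to compare real kernels. /proc/config.gz is only present when the running kernel was built with CONFIG_IKCONFIG_PROC.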