Which apparmor profiles you would like to have in Qubes?

dkzkz · February 10, 2026, 2:33pm

2 weeks ago i wrote this post Apparmor profile for Qubes available! I’ve made a lot of progress and added multiples apparmor profiles in the codeberg repository i would like to ask to the community which app you’re using missing ?

The goal is to make a lot of apparmor profiles for Qubes users and in the future i will ask to the qubes dev to make it available for every debian template of course i will maintain them myself or with other people (?) i don’t know but it’s not hard to do that alone anyway

I created a issue in the apparmor gitlab repository to ask the dev from apparmor why we have a protocol error when a user do aa-enforce x profile i’m worried about that every apps works fine but the error is strange…

quber · February 10, 2026, 2:35pm

dkzkz · February 10, 2026, 2:41pm

I do not understand your reply and by looking at his apparmor profile i don’t see how he’s hiding the fact he use Telegram to Telegram or i’m missing something ?

quber · February 10, 2026, 2:46pm

With this profile, the hypervisor name is changed to Desktop. I think every profile shoud have this.

quber · February 10, 2026, 2:49pm

If you install Telegram without it, Telegram knows that you us Qubes.

dkzkz · February 10, 2026, 2:54pm

I’m agree with you but i don’t undrstand the lines he put in the profile that protect the user from that is it this line ?

owner /home/user/.local/share/TelegramDesktop/{**,} rwkl,
owner /home/user/Telegram/* ixwr,

Also in every browser in the repository , communication app , mail etc i added deny / r,

deny /etc/machine-id r,

deny /var/lib/dbus/machine-id r,

This isn’t enough to protect a user from this issue ? Tell me i will make change ASAP if needed