vmonaco / kloak

Keystroke-level online anonymization kernel: obfuscates typing behavior at the device level.

Apparmor profile signals to kill kloak by systemd

adrelanos opened this issue

Quote @madaidan https://forums.whonix.org/t/current-state-of-kloak/5605/10

In the logs, I'm now getting errors about kloak's AppArmor. The profile needs these lines

signal receive set=cont peer=unconfined,
signal receive set=exists peer=unconfined,
signal receive set=kill peer=unconfined,
signal receive set=term peer=unconfined,

Although, it's weird. I think this is because systemd sends those signals to kloak to kill it but then why wouldn't we need these for other AppArmor profiles?

I think the reason other profiles don't need this is because the base abstraction (which most profiles include) contains

signal (receive) peer=unconfined,

Which allows any unconfined process to send them signals.

The AppArmor profile for kloak doesn't use the base abstraction as it'd be mostly pointless.

See #22
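The step from logged denials to the narrow per-signal rules quoted above, as an added example that is not part of the original issue or of kloak. The audit lines are constructed in the kernel's AppArmor audit format, and the profile name `/usr/sbin/kloak` and the helper names are assumptions.

```python
import re

# Constructed sample audit lines (not from the issue). The profile name
# "/usr/sbin/kloak" is an assumption made for this example.
SAMPLE_LOG = """\
audit: type=1400 audit(1560000000.101:51): apparmor="DENIED" operation="signal" profile="/usr/sbin/kloak" pid=1 comm="systemd" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
audit: type=1400 audit(1560000000.102:52): apparmor="DENIED" operation="signal" profile="/usr/sbin/kloak" pid=1 comm="systemd" requested_mask="receive" denied_mask="receive" signal=cont peer="unconfined"
audit: type=1400 audit(1560000000.103:53): apparmor="DENIED" operation="signal" profile="/usr/sbin/kloak" pid=1 comm="systemd" requested_mask="receive" denied_mask="receive" signal=exists peer="unconfined"
audit: type=1400 audit(1560000090.300:54): apparmor="DENIED" operation="signal" profile="/usr/sbin/kloak" pid=1 comm="systemd" requested_mask="receive" denied_mask="receive" signal=kill peer="unconfined"
audit: type=1400 audit(1560000095.000:55): apparmor="DENIED" operation="signal" profile="/usr/sbin/kloak" pid=1 comm="systemd" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
audit: type=1400 audit(1560000096.000:56): apparmor="DENIED" operation="open" profile="/usr/sbin/kloak" name="/etc/passwd" pid=700 comm="kloak" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1560000097.000:57): apparmor="ALLOWED" operation="signal" profile="/usr/sbin/other" pid=1 comm="systemd" requested_mask="receive" denied_mask="receive" signal=term peer="unconfined"
"""

# key=value pairs; values are either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_fields(line):
    """Split one audit line into a dict, stripping quotes from quoted values."""
    return {key: (inner if raw.startswith('"') else raw)
            for key, raw, inner in FIELD.findall(line)}


def signal_rules(log_text, profile):
    """Return one 'signal' rule per distinct denied signal for `profile`.

    Only DENIED signal operations against the named profile are considered;
    repeated denials collapse into a single rule.
    """
    seen = set()
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "signal":
            continue
        if f.get("profile") != profile:
            continue
        if not {"denied_mask", "signal", "peer"} <= f.keys():
            continue  # malformed or truncated record
        seen.add((f["denied_mask"], f["signal"], f["peer"]))
    return [f"signal {access} set={sig} peer={peer},"
            for access, sig, peer in sorted(seen)]


if __name__ == "__main__":
    print("\n".join(signal_rules(SAMPLE_LOG, "/usr/sbin/kloak")))
```

Generating rules only from what was actually denied keeps the profile narrower than the base abstraction's `signal (receive) peer=unconfined,`, which accepts every signal from any unconfined process.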