[tor-bugs] #26202 [- Select a component]: Packaged apparmor settings break tor within LXD containers
#26202: Packaged apparmor settings break tor within LXD containers
--------------------------------------+------------------------------
Reporter: b | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version: Tor: 0.3.3.6
Severity: Normal | Keywords: lxc lxd apparmor
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+------------------------------
The packaged apparmor settings in the latest (0.3.3.6-1) .deb packages
provided via torproject.org will stop the tor service from starting up in
at least Xenial (16.04) and Bionic (18.04) containers on Ubuntu, using the
latest LXD snap.

The machine hosting the container will see this in its syslog/auditlog:

`May 25 14:16:01 localhost kernel: [84735.795087] audit: type=1400
audit(1527257761.902:653): apparmor="DENIED" operation="file_mmap"
namespace="root//lxd-juju-ef908d-1_<var-snap-lxd-common-lxd>"
profile="system_tor" name="/usr/bin/tor" pid=18256 comm="tor"
requested_mask="m" denied_mask="m" fsuid=1000000 ouid=1000000`

The fix is a simple one-character change in the
`/etc/apparmor.d/abstractions/tor` file installed by the tor package,
where the line `/usr/bin/tor r,` simply needs to change to
`/usr/bin/tor mr,`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26202>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
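
An added example, not part of the ticket or of the tor package: Python that parses the AppArmor denial record quoted in the ticket and adds the denied permission to the matching file rule, reproducing the `r` to `mr` change the reporter describes. The function names and the constructed sample line (the ticket's record joined onto one line) are assumptions of this example.

```python
import re
import shlex

# Constructed sample: the denial quoted in the ticket, joined onto one line.
SAMPLE_LOG = (
    'May 25 14:16:01 localhost kernel: [84735.795087] audit: type=1400 '
    'audit(1527257761.902:653): apparmor="DENIED" operation="file_mmap" '
    'namespace="root//lxd-juju-ef908d-1_<var-snap-lxd-common-lxd>" '
    'profile="system_tor" name="/usr/bin/tor" pid=18256 comm="tor" '
    'requested_mask="m" denied_mask="m" fsuid=1000000 ouid=1000000'
)

PERM_ORDER = "mrwakl"  # display order only; AppArmor ignores the order
RULE_RE = re.compile(r"^(\s*)(\S+)\s+([a-z]+),\s*$")  # "<path> <perms>,"


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    _, sep, rest = line.partition("apparmor=")
    if not sep:
        return None
    try:
        tokens = shlex.split("apparmor=" + rest)  # strips the double quotes
    except ValueError:  # truncated record with an unbalanced quote
        return None
    fields = {}
    for token in tokens:
        key, eq, value = token.partition("=")
        if eq:
            fields[key] = value
    return fields if fields.get("apparmor") == "DENIED" else None


def patch_rule(rule_line, denial):
    """Add the denied permissions to the file rule for the denied path."""
    m = RULE_RE.match(rule_line)
    if not m or m.group(2) != denial["name"]:
        return rule_line  # a rule for some other path: leave untouched
    perms = set(m.group(3)) | set(denial["denied_mask"])
    if not perms <= set(PERM_ORDER):
        return rule_line  # e.g. "x" needs a transition mode chosen by hand
    ordered = "".join(p for p in PERM_ORDER if p in perms)
    return f"{m.group(1)}{m.group(2)} {ordered},"


if __name__ == "__main__":
    print(patch_rule("/usr/bin/tor r,", parse_denial(SAMPLE_LOG)))
```
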