[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6996 [Obfsproxy]: Problems with starting managed Obfsproxy server when installed via debian package and with Tor as service



#6996: Problems with starting managed Obfsproxy server when installed via debian
package and with Tor as service
-----------------------+----------------------------------------------------
 Reporter:  linda      |          Owner:  asn             
     Type:  defect     |         Status:  new             
 Priority:  normal     |      Milestone:                  
Component:  Obfsproxy  |        Version:  Tor: 0.2.3.22-rc
 Keywords:             |         Parent:                  
   Points:             |   Actualpoints:                  
-----------------------+----------------------------------------------------

Comment(by Christian):

 Hm, this does generate a new policy in
 ```/etc/apparmor.d/usr.bin.obfsproxy``` (which did not exist before):

 {{{
 #include <tunables/global>
 /usr/bin/obfsproxy {
   #include <abstractions/base>
   #include <abstractions/python>
   /usr/bin/obfsproxy r,
   /usr/bin/python2.7 ix,
 }
 }}}

 And I still have my ```local/system_tor``` in place (which is included by
 ```/etc/apparmor.d```):

 {{{
         /usr/bin/obfsproxy ix,
 }}}

 [https://help.ubuntu.com/community/AppArmor#Reload_all_profiles Reload all
 profiles]:

 {{{
 $ service apparmor reload
 }}}

 But ```obfsproxy``` is denied access again:

 {{{
 type=1400 audit(1366247818.957:57): apparmor="DENIED" operation="open"
 parent=28250 profile="system_tor" name="/usr/include/python2.7/pyconfig.h"
 pid=28252 comm="obfsproxy" requested_mask="r" denied_mask="r" fsuid=106
 ouid=0
 }}}

 Interestingly it says "```profile=system_tor```", although I just
 generated ```/etc/apparmor.d/usr.bin.obfsproxy```. Hm, for now I'll let
 ```obfsproxy``` run ''unconfined'':

 {{{
   /usr/bin/obfsproxy Uxr,
 }}}

 I'll have to ponder this a bit more. But maybe I should take this to the
 mailing list instead of spamming this ticket, sorry for this.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6996#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs