Re: [tor-bugs] #18370 [Tor]: Apparmor prevents last tor build from starting
#18370: Apparmor prevents last tor build from starting
--------------------------+------------------------------------
 Reporter:  Ricky_Martin  |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor           |        Version:  Tor: 0.2.8.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
  Sponsor:                |
--------------------------+------------------------------------
Comment (by Ricky_Martin):
Replying to [comment:6 lunar]:
> In `/etc/apparmor.d/system_tor`, change the following line:
> {{{owner /var/lib/tor/** rwk,}}}
> by:
> {{{/var/lib/tor/** rwk,}}}
> and the service should start.
>
> I think the changes related to `DataDirectory` handling make that it's
> read before switching the user to `debian-tor`, hence AppArmor denied the
> read.
I tried it, but the issue remains after reloading the apparmor profile.
Replying to [comment:5 weasel]:
> Please answer all of the following questions (some of them nick asked
> previously, and you didn't answer them then)
>
> * which OS
> * which kernel
> * on what kind of system (hw/vps/..)
> * how are you starting tor
> * what does "service tor status" say
> * what does "service tor@default status" say
> * Please argue your drive-by comment that claims
>   tor-service-defaults-torrc-instances "can be totally removed from
>   package".
The line provided above already includes the OS (trusty - Ubuntu 14.04) and
the possible kernels: trusty supports only 3 kernel versions now, but in the
context of fast security support only two, the LTS hw stack from wily and
the default trusty 3.13.x kernel. Forgive me my rudeness, but it's obvious
that the problem is related to the current apparmor profile and abstractions
provided with the package.
And the kernel version makes no sense at all here. But it's quite strange
that the same binary wants extra permissions while using the same starting
options from tor-service-defaults-torrc; the init.d file remains the same
too. And it makes no difference here at all whether tor is started using
/etc/init.d/tor or using the 'service' command, since the tor status will
always be "not running" because apparmor prevents tor from starting. And
tor-service-defaults-torrc-instances is just a dump file now, since all
logic is included in the tor-service-defaults-tor file.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18370#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
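
One way to check the hypothesis in the quoted comment 6, added here as an example that is not part of the ticket or of Tor's packaging: an AppArmor `owner` rule only matches when the accessing process's fsuid equals the file's owner uid, and kernel denial records carry both `fsuid` and `ouid`. The log lines, the uid 108 for `debian-tor`, and the profile name `system_tor` (taken from the profile's file name) are constructed assumptions.

```python
import re

# Constructed sample kernel audit lines (not taken from the ticket).
# Assumption: uid 108 stands in for debian-tor, uid 0 is root.
SAMPLE_LOG = '''\
audit: type=1400 audit(1455800000.101:40): apparmor="DENIED" operation="open" profile="system_tor" name="/var/lib/tor/" pid=2101 comm="tor" requested_mask="r" denied_mask="r" fsuid=0 ouid=108
audit: type=1400 audit(1455800000.102:41): apparmor="DENIED" operation="open" profile="system_tor" name="/etc/tor/extra.conf" pid=2101 comm="tor" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
audit: type=1400 audit(1455800000.103:42): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/var/lib/tor/state" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=108
audit: type=1400 audit(1455800000.104:43): apparmor="ALLOWED" operation="open" profile="system_tor" name="/var/lib/tor/lock" pid=2101 comm="tor" requested_mask="rwk" denied_mask="rwk" fsuid=0 ouid=108
'''

# key=value pairs; values are either "quoted" or a bare token.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(text, profile="system_tor"):
    """Return one dict per DENIED record that belongs to the given profile."""
    denials = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        fields = {}
        for key, quoted, bare in KV.findall(line):
            fields[key] = quoted if quoted or not bare else bare
        if fields.get("profile") == profile:
            denials.append(fields)
    return denials


def owner_mismatches(denials, prefix="/var/lib/tor/"):
    """Denials under prefix where fsuid != ouid: an `owner` rule cannot
    match these, whatever permissions it grants."""
    return [
        d for d in denials
        if d.get("name", "").startswith(prefix)
        and "fsuid" in d and "ouid" in d
        and d["fsuid"] != d["ouid"]
    ]


if __name__ == "__main__":
    for d in owner_mismatches(parse_denials(SAMPLE_LOG)):
        print("%s: fsuid=%s ouid=%s mask=%s"
              % (d["name"], d["fsuid"], d["ouid"], d["denied_mask"]))
```

If real denials for the Tor profile show matching `fsuid` and `ouid`, or paths outside `/var/lib/tor/`, dropping `owner` from that rule would not be expected to help, which would be consistent with the reporter's result.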