[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13160 [meek]: make a deb of meek and get into Debian



#13160: make a deb of meek and get into Debian
--------------------+---------------------
 Reporter:  proper  |          Owner:  dcf
     Type:  defect  |         Status:  new
 Priority:  Medium  |      Milestone:
Component:  meek    |        Version:
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:  #17964  |         Points:
  Sponsor:          |
--------------------+---------------------

Comment (by 6h72Q484AddGha8H):

 FYI, if AppArmor is enabled, the default Tor policy will block execution
 of the meek-client executable. A message like the following will be
 encountered upon running Tor via the service system:

 "[warn] Could not launch managed proxy executable at '/usr/bin/meek-
 client' ('Operation not permitted')."

 Running Tor as the root user bypasses the AppArmor policy and works fine,
 but you want it to work when called via automated service commands. The
 fix is to add the following line to the profile at
 /etc/apparmor.d/system_tor:

 /usr/bin/meek-client ix,

 This allows tor to callout to the meek-client without violating AppArmor
 by inheriting the execution policy ("ix"). Then you can restart both
 apparmor and tor and everything should work fine.

 $ sudo service apparmor restart
 $ sudo service tor restart

 Note: Tested on Ubuntu 15.10, but adding here so that when officially
 packaged, both distros will work with AppArmor.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13160#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs