[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #17693 [Tor]: AppArmor profile denies access to run/systemd/notify

Subject: [tor-bugs] #17693 [Tor]: AppArmor profile denies access to run/systemd/notify
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 25 Nov 2015 22:50:38 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 25 Nov 2015 17:50:48 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17693: AppArmor profile denies access to run/systemd/notify
-------------------------+-------------------------------------
     Reporter:  regar42  |      Owner:
         Type:  defect   |     Status:  new
     Priority:  High     |  Milestone:
    Component:  Tor      |    Version:  Tor: 0.2.7.5
     Severity:  Normal   |   Keywords:  AppArmor systemd/notify
Actual Points:           |  Parent ID:
       Points:           |    Sponsor:
-------------------------+-------------------------------------
 When I upgraded from tor-0.2.6.10 to tor-0.2.7.5, I noticed my relay lost
 its Stable flag after a few days, so I started wondering why. It appears
 that I encounter this error :

   Nov 25 23:06:06 Dalekanium kernel: [12493.410382] audit: type=1400
 audit(1448489166.546:62): apparmor="DENIED" operation="sendmsg"
 info="Failed name lookup - disconnected path" error=-13
 profile="system_tor" name="run/systemd/notify" pid=9878 comm="tor"
 requested_mask="w" denied_mask="w" fsuid=0 ouid=0

 systemctl keeps restarting tor every 30seconds because he never receives
 the signal of start success from tor.

 How to reproduce :

 -install tor-0.2.7.5
 -check syslogs

 My machines specs :
 -apparmor 2.10-0ubuntu6
 -Ubuntu 15.10

 I fixed the bug adding a **attach_disconnected** flag to the tor apparmor
 profile and a writing autorisation on notify :
 **/{,var/}run/systemd/notify w,** like you can see in the two profiles I
 joined.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17693>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #17693 [Tor]: AppArmor profile denies access to run/systemd/notify
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #17693 [Tor]: AppArmor profile denies access to run/systemd/notify
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #17691 [Nyx]: Arm won't work
Next by Author: Re: [tor-bugs] #17178 [Tor]: Single Onion Services: One-Hop Intro Point and Rendezvous
Previous by thread: Re: [tor-bugs] #17692 [Tor]: Review every use of onehop_tunnel for assumptions that it's a directory connection
Next by thread: Re: [tor-bugs] #17693 [Tor]: AppArmor profile denies access to run/systemd/notify
Index(es):
- Author
- Thread