[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Tor marked as "enforced" process in Apparmor, but also "unconfined"

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Tor marked as "enforced" process in Apparmor, but also "unconfined"
From: Christian <brightsidedarkside@xxxxxxxxxxx>
Date: Wed, 14 Nov 2012 02:56:19 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 13 Nov 2012 21:11:48 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx

Dear fellows,

I use Ubuntu Precise 12.04 and as I run a Bridge, I find the idea of
confining Tor with an Apparmor profile charming.

When upgrading Ubuntu and Tor, the Apparmor stuff seemed to be
automatically worked out, so I deleted my old handmade usr.sbin.tor
profile as I found the new system_tor profile.

Wenn I type "sudo aa-status", I get system_tor as "enforced process"
with its correct process id and there's no process "unconfined, but with
a profile defined".

But when I type "sudo aa-unconfined", /usr/sbin/tor ist marked as "not
confined".

So, what about that being charming? Is everything bad? Or good, and it's
just I'm an idiot?

I tried to rename the system_tor profile to usr.sbin.tor and adjusted
its name in the profile itself, but this only results in Tor being
listed under "unconfined processes that have a profile defined" when
typing "sudo aa-status".

Anybody who can see clear in this issue?

Any help is appreciated and thanks in advance.

christian

P.S.: I really did a "sudo service apparmor reload" ;-)


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] Deploy relays using hidden exit IP's?
Next by Author: Re: [tor-relays] How to get client locale statistics without arm?
Previous by thread: [tor-relays] Tracking fast Tor exits
Next by thread: [tor-relays] traffic pattern indicates MITM?
Index(es):
- Author
- Thread