[tor-bugs] #6996 [Obfsproxy]: Problems with starting managed Obfsproxy server when installed via debian package and with Tor as service
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 18 01:49:14 UTC 2013
#6996: Problems with starting managed Obfsproxy server when installed via debian
package and with Tor as service
-----------------------+----------------------------------------------------
Reporter: linda | Owner: asn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Obfsproxy | Version: Tor: 0.2.3.22-rc
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by Christian):
Hm, this does generate a new policy in
```/etc/apparmor.d/usr.bin.obfsproxy``` (which did not exist before):
{{{
#include <tunables/global>
/usr/bin/obfsproxy {
#include <abstractions/base>
#include <abstractions/python>
/usr/bin/obfsproxy r,
/usr/bin/python2.7 ix,
}
}}}
And I still have my ```local/system_tor``` in place (which is included by
```/etc/apparmor.d```):
{{{
/usr/bin/obfsproxy ix,
}}}
[https://help.ubuntu.com/community/AppArmor#Reload_all_profiles Reload all
profiles]:
{{{
$ service apparmor reload
}}}
But ```obfsproxy``` is denied access again:
{{{
type=1400 audit(1366247818.957:57): apparmor="DENIED" operation="open"
parent=28250 profile="system_tor" name="/usr/include/python2.7/pyconfig.h"
pid=28252 comm="obfsproxy" requested_mask="r" denied_mask="r" fsuid=106
ouid=0
}}}
Interestingly it says "```profile=system_tor```", although I just
generated ```/etc/apparmor.d/usr.bin.obfsproxy```. Hm, for now I'll let
```obfsproxy``` run ''unconfined'':
{{{
/usr/bin/obfsproxy Uxr,
}}}
I'll have to ponder this a bit more. But maybe I should take this to the
mailing list instead of spamming this ticket, sorry for this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6996#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list