[tor-bugs] #8991 [Tor]: tor debian package installs apparmor profile ineffectively
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 28 14:14:55 UTC 2013
#8991: tor debian package installs apparmor profile ineffectively
-------------------------+--------------------------------------------------
 Reporter:  cypherpunks  |          Owner:
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor          |        Version:
 Keywords:               |         Parent:
   Points:               |   Actualpoints:
-------------------------+--------------------------------------------------
The Tor package for Debian (0.2.3.25-1) installs an AppArmor profile in
/etc/apparmor.d/system_tor . This is the correct filename under Ubuntu
Upstart, but incorrect under Debian.

Under Debian, the file must be named /etc/apparmor.d/usr.sbin.tor , or
alternatively usr.sbin.tor may be a symlink to system_tor .

The symptom of this bug is that the profile is loaded but not applied to
the running binary:

# dmesg | grep -i apparmor
[ 0.004000] AppArmor: AppArmor initialized
[ 0.030864] AppArmor: AppArmor Filesystem Enabled
[ 13.402898] type=1400 audit(1369748668.187:2): apparmor="STATUS" operation="profile_load" name="system_tor" pid=1448 comm="apparmor_parser"

# ps auxwww | grep tor
102 1672 0.4 0.8 48484 17576 ? S 13:44 0:00 /usr/sbin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --hush

# aa-status
AppArmor available in kernel.
1 profiles are loaded.
1 profiles are in enforce mode.
   system_tor
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode. <<<<<<<< !!!
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8991>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
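
The symptom in the report above (a profile in enforce mode with no process attached to it) can be checked mechanically from `aa-status` output. This is an added example, not part of the original ticket or of the Tor packaging; the function name, the constructed HEALTHY sample and the assumed process-line layout `name (pid) [profile]` are illustrative.

```python
import re

# Section headers such as "1 profiles are in enforce mode."
HEADER = re.compile(r"^(\d+) (profiles|processes) (?:are|have) (.+?)\.")
# Assumed process-entry layout: "name (pid)" with an optional trailing profile name.
PROC = re.compile(r"^(\S+) \((\d+)\)\s*(\S*)$")

def enforced_but_unapplied(text):
    """Return enforce-mode profiles that confine no running process."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # start of a new section; following lines are its entries
            current = (m.group(2), m.group(3))
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    confined = set()
    for (kind, state), entries in sections.items():
        if kind == "processes" and state.startswith("in "):
            for entry in entries:
                p = PROC.match(entry)
                if p:  # a profile may be named by path or by label
                    confined.update({p.group(1), p.group(3)} - {""})
    enforced = sections.get(("profiles", "in enforce mode"), [])
    return [name for name in enforced if name not in confined]

# aa-status output as quoted in the ticket (reporter's annotation dropped).
REPORTED = """AppArmor available in kernel.
1 profiles are loaded.
1 profiles are in enforce mode.
   system_tor
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
"""

# Constructed sample: the same output with the tor process attached to the profile.
HEALTHY = REPORTED.replace("0 processes are in enforce mode.",
    "1 processes are in enforce mode.\n   /usr/sbin/tor (1672) system_tor")

if __name__ == "__main__":
    print("reported:", enforced_but_unapplied(REPORTED))
    print("healthy: ", enforced_but_unapplied(HEALTHY))
```
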