Your message dated Fri, 05 Dec 2014 10:54:56 +0100 with message-id <[email protected]> and subject line Re: Bug#771945: tor: abstractions/nameservice is unnecessary in AppArmor profile has caused the Debian Bug report #771945, regarding tor: abstractions/nameservice is unnecessary in AppArmor profile to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 771945: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771945 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: tor Version: 0.2.5.10-1 Severity: normal Please consider removing the line #include <abstractions/nameservice> from /etc/apparmor.d/abstractions/tor. In my testing tor seems to function just fine without it; I haven't seen any errors reported to audit.log or tor's own log. The nameserver abstraction grants access to e.g. /etc/passwd that could reveal the identity of the owner of the machine. Please note that I've only tested the basic functionality of tor - not any pluggable transports, etc. If those require direct access to DNS, perhaps leave the nameservice abstraction but deny access to files such as /etc/{passwd,group,etc} that should not be needed in any use case? Also, is access to /etc/localtime (in abstractions/base) really needed? Best regards, Henrik -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages tor depends on: ii adduser 3.113+nmu3 ii libc6 2.19-13 ii libevent-2.0-5 2.0.21-stable-1.1 ii libseccomp2 2.1.1-1 ii libssl1.0.0 1.0.1j-1 ii lsb-base 4.1+Debian13+nmu1 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages tor recommends: ii logrotate 3.8.7-1+b1 ii tor-geoipdb 0.2.5.10-1 ii torsocks 2.0.0-3 Versions of packages tor suggests: ii apparmor-utils 2.9.0-2 pn mixmaster <none> pn obfsproxy <none> pn polipo | privoxy <none> pn socat <none> pn tor-arm <none> pn xul-ext-torbutton <none> -- Configuration Files: /etc/apparmor.d/abstractions/tor changed [not included] /etc/tor/torrc changed [not included] -- no debconf information
--- End Message ---
--- Begin Message ---Hi, Henrik Ahlgren wrote (04 Dec 2014 17:20:06 GMT) : > You're absolutely right, it now does that for me, too. OK. > I think this bug can be closed; clearly nameservice is needed after > all. Doing that, then. > BTW, thanks intrigeri for your work on AppArmor, it is much appreciated, > and very important. Thanks! Cheers, -- intrigeri
--- End Message ---
