So, investigating the problem. The issue is that:

    ReadOnlyDirectories = /

makes aa_change_onexec fail with

    Oct 11 23:22:25 test-debian systemd[1985]: Failed at step APPARMOR spawning /usr/bin/tor: Read-only file system

(once there is proper reporting).

I suspect the issue is upstream, with the ordering of readonly vs apparmor.

Adding:

    ReadWriteDirectories = /proc

seems to fix the issue as well.

I am trying to see if I can fix it properly upstream by moving around apparmor support in the source code.