Hi, Marc: > I removed apparmor and problem goes away, and I installed apparmor > again and the problem returns.
Good catch! > Maybe obfsproxy needs it's own apparmor profile, or the python profile has a > problem? obfsproxy includes its own AppArmor profile. I'm not sure how well it's been maintained and tested on Debian testing/sid though. I've tried running "/usr/bin/obfsproxy managed" and I see a bunch of errors in the Journal: Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.689:1870): apparmor="DENIED" operation="open" profile="/usr/bin/obfsproxy" name="/proc/6963/mounts" pid=6963 comm="obfsproxy" requested_mask="r" denied_mask="r" fsuid=1002 ouid=1002 Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.689:1871): apparmor="DENIED" operation="exec" profile="/usr/bin/obfsproxy" name="/usr/sbin/ldconfig" pid=6964 comm="obfsproxy" requested_mask="x" denied_mask="x" fsuid=1002 ouid=0 Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.697:1872): apparmor="DENIED" operation="mknod" profile="/usr/bin/obfsproxy" name="/tmp/d1SGQ2" pid=6963 comm="obfsproxy" requested_mask="c" denied_mask="c" fsuid=1002 ouid=1002 Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.697:1873): apparmor="DENIED" operation="mknod" profile="/usr/bin/obfsproxy" name="/var/tmp/fabY3f" pid=6963 comm="obfsproxy" requested_mask="c" denied_mask="c" fsuid=1002 ouid=1002 Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.697:1874): apparmor="DENIED" operation="mknod" profile="/usr/bin/obfsproxy" name="/etc/apparmor.d/F1_1fY" pid=6963 comm="obfsproxy" requested_mask="c" denied_mask="c" fsuid=1002 ouid=1002 Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.697:1875): apparmor="DENIED" operation="exec" profile="/usr/bin/obfsproxy" name="/usr/sbin/ldconfig" pid=6965 comm="obfsproxy" requested_mask="x" denied_mask="x" fsuid=1002 ouid=0 Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.697:1876): apparmor="DENIED" operation="mknod" profile="/usr/bin/obfsproxy" name="/tmp/TfcaiJ" pid=6963 comm="obfsproxy" requested_mask="c" denied_mask="c" fsuid=1002 ouid=1002 Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.701:1877): apparmor="DENIED" operation="mknod" profile="/usr/bin/obfsproxy" name="/var/tmp/isY7jU" pid=6963 comm="obfsproxy" requested_mask="c" denied_mask="c" fsuid=1002 ouid=1002 Nov 21 18:45:06 ensifera kernel: audit: type=1400 audit(1511286306.701:1878): apparmor="DENIED" operation="mknod" profile="/usr/bin/obfsproxy" name="/etc/apparmor.d/u6OS0q" pid=6963 comm="obfsproxy" requested_mask="c" denied_mask="c" fsuid=1002 ouid=1002 Nov 21 18:45:11 ensifera kernel: audit: type=1400 audit(1511286311.333:1879): apparmor="DENIED" operation="open" profile="/usr/bin/obfsproxy" name="/proc/6975/mounts" pid=6975 comm="obfsproxy" requested_mask="r" denied_mask="r" fsuid=1002 ouid=1002 I could not see the error Marc is reporting, because I don't know how exactly I should run obfsproxy to trigger it. Marc, could you please share the exact command line you're running? Lunar, unless you disagree I'll do a team upload that disables this profile by default. We can re-enable it if/once someone feels like keeping it up-to-date and working. What do you think? Cheers, -- intrigeri
