Control: clone -1 -2 Control: retitle -2 AppArmor profile denies access to recommended %include'ed configuration files Control: found -2 0.3.2.9-1 Control: tag -2 + patch
Hi Diane, Diane Trout: > My system copy of tor wasn't starting in the background. > It was because I'd put some customizations into /etc/torrc.custom, (as > suggested by the comments at the bottom of /etc/tor/torrc. However the > apparmor profile in (abstractions/system_tor) limit tor to be able to > only read /etc/tor/. Thanks for this report. > Could either the config file suggest using /etc/tor/torrc.custom, or > modifying the apparmor profile to allow reading /etc/torrc.custom. Changing the recommended path would be painful for those who have already followed the previous set of recommendations and I trust weasel to have chosen these paths carefully. So IMO we should simply adjust the AppArmor profile: --- a//etc/apparmor.d/abstractions/tor 2018-01-16 09:49:46.000000000 +0000 +++ b//etc/apparmor.d/abstractions/tor 2018-01-29 08:49:34.583943603 +0000 @@ -24,6 +24,9 @@ /sys/devices/system/cpu/** r, /etc/tor/* r, + /etc/torrc.custom r, + /etc/torrc.d/ r, + /etc/torrc.d/* r, /usr/share/tor/** r, /usr/bin/obfsproxy PUx, Please test and report back :) > I wasn't sure if this should go to this open bug, or get its own new > wishlist bug. I believe this is off-topic on this bug report so I'm cloning it to a new one. Please follow-up on the new one. Cheers, -- intrigeri