Source: squid-deb-proxy Severity: important Tags: patch Dear Maintainer,
squid-deb-proxy fails to start due due to the conf file not being allowed by apparmor: Jul 20 16:28:48 Tardis squid: FATAL: Unable to open configuration file: /etc/squid-deb-proxy/squid-deb-proxy.conf: (13) Permission denied Jul 20 16:28:48 Tardis squid-deb-proxy[10170]: failed! Jul 20 16:35:30 Tardis squid-deb-proxy[10276]: Stopping Squid Deb HTTP Proxy: squid-deb-proxy. Jul 20 16:35:30 Tardis systemd[1]: squid-deb-proxy.service: Succeeded. Jul 20 16:35:30 Tardis kernel: [4157921.317296] audit: type=1400 audit(1563597330.601:32): apparmor="DENIED" operation="open" profile="/usr/sbin/squid" name="/etc/squid-deb-proxy/squid-deb-proxy.conf" pid=10301 comm="squid" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Jul 20 16:35:30 Tardis squid-deb-proxy[10284]: Starting Squid Deb HTTP Proxy: squid-deb-proxy2019/07/20 16:35:30| FATAL: Unable to open configuration file: /etc/squid-deb-proxy/squid-deb-proxy.conf: (13) Permission denied The fix is to add /etc/squid-deb-proxy/** r, to /etc/apparmor.d/usr.sbin.squid Then apparmor_parser -r /etc/apparmor.d/usr.sbin.squid systemctl restart squid-deb-proxy #And test dig +nocmd +noall +answer @224.0.0.251 -p 5353 -t ptr _apt_proxy._tcp.local -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled