Package: tor
Version: 0.3.1.8-1
Severity: grave
Tags: patch
X-Debugs-Cc: pkg-appar...@lists.alioth.debian.org

Hi,

as reported on https://lists.alioth.debian.org/pipermail/pkg-apparmor-team/2017-October/001895.html Tor does not start when the AppArmor LSM is enabled (which is the default in Linux on current sid) but the apparmor package is not installed. This is by far the most common situation for testing/sid users at the moment, hence RC severity. Installing the apparmor package is enough to fix the problem.

This happens because the system_tor profile is not loaded in the kernel yet.

There's an ongoing discussion about "how to get the apparmor package installed everywhere relevant"; depending on the outcome of this discussion, we may get a fix for this bug for free, but I don't think we should block on this discussion for fixing the matter at hand.

So I propose we do this:

--- a/debian/systemd/tor@default.service +++ b/debian/systemd/tor@default.service @@ -20,7 +20,7 @@ Restart=on-failure LimitNOFILE=65536 # Hardening -AppArmorProfile=system_tor +AppArmorProfile=-system_tor NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes

This should avoid breaking the startup of the unit in case of such problems with the AppArmor profile.

Weasel, what do you think?

Cheers,
-- 
intrigeri
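
Review bot: the new AppArmorProfile=-system_tor line has no comment explaining the leading "-", and with it systemd ignores a failure to apply the profile, so when system_tor is not loaded the daemon starts without AppArmor confinement and nothing in the unit says so. Add a line under "# Hardening" such as "# '-' prefix: start even if the profile is not loaded (then unconfined)" so the prefix is not read as a typo and removed, and so the trade-off is visible to whoever audits the unit later.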
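
What the two forms of the setting mean for a unit, as an added example that is not part of the original report or of the tor package: a shell function that reads a unit file and a list of loaded profiles and reports whether the unit would be confined, fail to start, or start unconfined. The function name, the result labels and the sample files are assumptions made for the illustration; it assumes the AppArmor LSM is enabled in the kernel.

```shell
#!/bin/sh
# Classify the effect of a unit's AppArmorProfile= setting.
#   $1  unit file
#   $2  loaded-profile list, one "name (mode)" per line, the format of
#       /sys/kernel/security/apparmor/profiles on a live system
# Assumes the AppArmor LSM is enabled and profile names have no spaces.
classify_unit() {
    unit=$1
    profiles=$2
    # Last assignment wins if the key is repeated.
    value=$(sed -n 's/^AppArmorProfile=//p' "$unit" | tail -n 1)
    if [ -z "$value" ]; then
        echo "no-profile-set"
        return 0
    fi
    case $value in
        -*) optional=yes; name=${value#-} ;;   # "-" prefix: errors ignored
        *)  optional=no;  name=$value ;;
    esac
    if awk -v n="$name" '$1 == n { found = 1 } END { exit !found }' "$profiles"; then
        echo "confined"
    elif [ "$optional" = yes ]; then
        echo "starts-unconfined"               # silent loss of confinement
    else
        echo "fails-to-start"                  # the bug reported here
    fi
}

# Constructed sample input: the two forms of the line, and two kernel states.
demo=$(mktemp -d)
printf '# Hardening\nAppArmorProfile=system_tor\n'  > "$demo/before.service"
printf '# Hardening\nAppArmorProfile=-system_tor\n' > "$demo/after.service"
: > "$demo/profiles.empty"
printf 'system_tor (enforce)\n' > "$demo/profiles.loaded"

for u in before after; do
    for p in empty loaded; do
        printf '%s.service, profiles %s: %s\n' "$u" "$p" \
            "$(classify_unit "$demo/$u.service" "$demo/profiles.$p")"
    done
done
```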