Your message dated Thu, 02 Nov 2017 22:43:55 +0000 with message-id <e1eaodl-000iew...@fasolo.debian.org> and subject line Bug#880490: fixed in tor 0.3.2.3-alpha-2 has caused the Debian Bug report #880490, regarding tor: Does not start when the AppArmor LSM is enabled but the apparmor package is not installed to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880490: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880490 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: tor Version: 0.3.1.8-1 Severity: grave Tags: patch X-Debugs-Cc: pkg-appar...@lists.alioth.debian.org Hi, as reported on https://lists.alioth.debian.org/pipermail/pkg-apparmor-team/2017-October/001895.html Tor does not start when the AppArmor LSM is enabled (which is the default in Linux on current sid) but the apparmor package is not installed. This is by far the most common situation for testing/sid users at the moment, hence RC severity. Installing the apparmor package is enough to fix the problem. This happens because the system_tor profile is not loaded in the kernel yet. There's an ongoing discussion about "how to get the apparmor package installed everywhere relevant"; depending on the outcome of this discussion, we may get a fix for this bug for free, but I don't think we should block on this discussion for fixing the matter at hand. So I propose we do this: --- a/debian/systemd/tor@default.service +++ b/debian/systemd/tor@default.service @@ -20,7 +20,7 @@ Restart=on-failure LimitNOFILE=65536 # Hardening -AppArmorProfile=system_tor +AppArmorProfile=-system_tor NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes This should avoid breaking the startup of the unit in case of such problems with the AppArmor profile. Weasel, what do you think? Cheers, -- intrigeri
--- End Message ---
--- Begin Message ---Source: tor Source-Version: 0.3.2.3-alpha-2 We believe that the bug you reported is fixed in the latest version of tor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Peter Palfrader <wea...@debian.org> (supplier of updated tor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 02 Nov 2017 21:31:27 +0100 Source: tor Binary: tor tor-geoipdb Architecture: source Version: 0.3.2.3-alpha-2 Distribution: experimental Urgency: medium Maintainer: Peter Palfrader <wea...@debian.org> Changed-By: Peter Palfrader <wea...@debian.org> Description: tor - anonymizing overlay network for TCP tor-geoipdb - GeoIP database for Tor Closes: 880490 Changes: tor (0.3.2.3-alpha-2) experimental; urgency=medium . * Recent linux packages in Debian have enabled the apparmor Linux-Security-Module by default. Therefore, users are likely to have apparmor support not only built into their kernel but also actively enabled at runtime. Unfortunately, without the apparmor package being installed, systemd's AppArmorProfile= service setting will cause the unit to fail to start. . Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor, causing all errors while switching to the new apparmor profile to be ignored. This is not ideal, but for now it's probably the best solution. . Thanks to intrigeri; closes: #880490. Checksums-Sha1: b4e6c3ef0c2154d929772966e9d0062b0f393d62 1842 tor_0.3.2.3-alpha-2.dsc 5325262c523845ab372357f2747430d25854ece0 6277836 tor_0.3.2.3-alpha.orig.tar.gz bebce8869c4b95b04e62dc3e62741ea7ce924d58 48227 tor_0.3.2.3-alpha-2.diff.gz Checksums-Sha256: b444dea120713b1576a421bed09e360c75b6bcc8afe5e70c99237013509dad44 1842 tor_0.3.2.3-alpha-2.dsc 1440a4bf6d52cb9831991af6ae7a0fc1c152af59108c9dff6b036e70e3641d19 6277836 tor_0.3.2.3-alpha.orig.tar.gz 147d42b7159b22f55d54a4c3e32082c9f2572d7faf14e5cccc2eaf3413605867 48227 tor_0.3.2.3-alpha-2.diff.gz Files: 80340421093598d99775ac51e050d522 1842 net optional tor_0.3.2.3-alpha-2.dsc 8fa1b444ec1d91ccdf9ec3470de42b60 6277836 net optional tor_0.3.2.3-alpha.orig.tar.gz 203a5aa31b85833c9a78d205da4765df 48227 net optional tor_0.3.2.3-alpha-2.diff.gz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEs4PXhajJL968BgN2hgLIIDhyMx8FAln7lVMACgkQhgLIIDhy Mx8EQgf+P8ZQsnKHSWf3CFUmxER+M3b09+H6NUUA2xOohzjGfX/IDQz3JQaNNCQI HdUbZLpZ5mP+pJo7n5vtmB1r1PzaQRQ2RR05dOa8XjSGXZ/BB1b2Ixi9lTHaDuiF nZTjUEujjhtruS6OEBZlxQrLG6Cfk4WmCA+GQwtbCK/TeuhvRzLpoMAi74ZsogC/ 2TB6DRJnXSt5qg73ekaIEXS1FRyEhfqJtUWBNfzSqhKd/hpn2HMO7Vofo7XSdatb qB/SdSGBVfIRwU8pMPhknLpv7nGxAM20X37p1IJt2kNyscz6FDnrs6OaJzwhMsV2 F3rPgYC9KKyeTBw3SCrUzrfZ96hhag== =gZbT -----END PGP SIGNATURE-----
--- End Message ---
