Package: tor Version: 0.2.4.20-1 Severity: normal Tags: patch Hi,
as reported on Tor's ticket tracker (#9460, #6996), the AppArmor profile we ship in the tor package prevents obfsproxy from starting. This is fixed by the attached patch (against the debian-0.2.4 branch in your packaging repository), that allows running obfsproxy under its own profile if available, else unconfined. Successfully tested on a Wheezy system with tor 0.2.4.x from deb.t.o and obfsproxy from wheezy-backports. My next step will be to write an AppArmor profile for obfsproxy, and have it shipped with the obfsproxy package. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
>From 59cbd65d849f8254957682a6875a51157141d681 Mon Sep 17 00:00:00 2001 From: intrigeri <intrig...@boum.org> Date: Mon, 17 Feb 2014 12:40:11 +0000 Subject: [PATCH] AppArmor: allow running obfsproxy under its own profile if available, else unconfined. --- debian/tor.apparmor-profile.abstraction | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/tor.apparmor-profile.abstraction b/debian/tor.apparmor-profile.abstraction index d680215..f3aef3c 100644 --- a/debian/tor.apparmor-profile.abstraction +++ b/debian/tor.apparmor-profile.abstraction @@ -22,3 +22,5 @@ /etc/tor/* r, /usr/share/tor/** r, + + /usr/bin/obfsproxy PUx, -- 1.9.0.rc3