[pkg-apparmor] Tor does not start with latest Linux kernel
Seth Arnold
seth.arnold at canonical.com
Wed Nov 1 00:24:49 UTC 2017
AOn Tue, Oct 31, 2017 at 03:11:00PM +0000, Viktor Jägersküpper wrote:
> Viktor Jägersküpper:
> > Then I installed the package "apparmor" and after a restart tor
> > started again. Is there a dependency missing in the tor package?
> >$
>$
> After reading various related bug reports and mails I conclude that tor
> should not depend on apparmor. But I assume it should work even if the
> apparmor package is not installed. Is this right?
It looks like the Tor package's initscript is prepared to use AppArmor
if it is installed:
http://sources.debian.net/src/tor/0.3.1.4-alpha-1/debian/tor.default/#L61
#
# By default the tor init script will launch Tor using apparmor iff
# /usr/sbin/aa-status exists and is executable and calling it with
# --enabled
# returns true, /usr/sbin/aa-exec is executable, there is a
# /etc/apparmor.d/system_tor policy, and USE_AA_EXEC is set to 'yes'.
#
# USE_AA_EXEC="yes" # default
# USE_AA_EXEC="no"
http://sources.debian.net/src/tor/0.3.1.4-alpha-1/debian/tor.init/#L155
if [ "$USE_AA_EXEC" = "yes" ] &&
[ -x /usr/sbin/aa-status ] && \
[ -x /usr/sbin/aa-exec ] && \
[ -e /etc/apparmor.d/system_tor ] && \
/usr/sbin/aa-status --enabled ; then
AA_EXEC="--startas /usr/sbin/aa-exec"
AA_EXEC_ARGS="--profile=system_tor -- $DAEMON"
else
AA_EXEC=""
AA_EXEC_ARGS=""
fi
Of course this misses the case of apparmor enabled but the system_tor
profile isn't yet loaded. I'm not sure there's an easy way to check for
that.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20171031/05c6be0c/attachment.sig>
More information about the pkg-apparmor-team
mailing list