Bug#760526: Enable AppArmor support (using libapparmor)
Michael Scherer
misc at zarb.org
Sun Oct 12 00:40:29 BST 2014
So, investigating the problem.
The issue is that:
ReadOnlyDirectories = /
makes aa_change_onexec fail with:
Oct 11 23:22:25 test-debian systemd[1985]: Failed at step APPARMOR spawning /usr/bin/tor: Read-only file system
(once there is proper reporting). I suspect the issue is upstream, with the ordering of readonly vs apparmor.
Adding:
ReadWriteDirectories = /proc
seems to fix the issue as well. I am trying to see if I can fix it properly upstream by moving around
apparmor support in the source code.