AppArmor profile denies access to run/systemd/notify
When I upgraded from tor-0.2.6.10 to tor-0.2.7.5, I noticed my relay lost its Stable flag after a few days, so I started wondering why. It appears that I encounter this error:
Nov 25 23:06:06 Dalekanium kernel: [12493.410382] audit: type=1400 audit(1448489166.546:62): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="system_tor" name="run/systemd/notify" pid=9878 comm="tor" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
systemctl keeps restarting tor every 30 seconds because it never receives the start-success signal from tor.
How to reproduce:
- install tor-0.2.7.5
- check syslogs
My machine's specs:
- apparmor 2.10-0ubuntu6
- Ubuntu 15.10
I fixed the bug by adding an attach_disconnected flag to the tor AppArmor profile and a write authorization on notify: /{,var/}run/systemd/notify w, as you can see in the two profiles I attached.
Trac:
Username: regar42
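
Added example (not part of the original report or of the Tor or AppArmor projects): a Python triage helper that parses the audit record quoted above and derives the two profile changes the reporter describes, the attach_disconnected flag and the write rule on the notify socket. The function names and the `/{,var/}run/` normalization are assumptions of this example.

```python
import re

# Audit record copied from the report above.
SAMPLE = ('Nov 25 23:06:06 Dalekanium kernel: [12493.410382] audit: type=1400 '
          'audit(1448489166.546:62): apparmor="DENIED" operation="sendmsg" '
          'info="Failed name lookup - disconnected path" error=-13 '
          'profile="system_tor" name="run/systemd/notify" pid=9878 comm="tor" '
          'requested_mask="w" denied_mask="w" fsuid=0 ouid=0')

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_audit(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    fields = {}
    for key, raw, quoted in KV.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields

def triage(line):
    """Summarise a denial and the profile changes a reviewer should check."""
    f = parse_audit(line)
    if f.get("apparmor") != "DENIED":
        return None
    # In the record above the disconnected path is logged without a leading
    # '/' ("run/systemd/notify"); restore it before building a rule.
    name = f.get("name", "")
    path = name if name.startswith("/") else "/" + name
    # Assumption: cover both /run and /var/run, as the reporter's rule does.
    if path.startswith(("/run/", "/var/run/")):
        path = "/{,var/}run/" + path.split("/run/", 1)[1]
    return {
        "profile": f.get("profile"),
        "operation": f.get("operation"),
        "needs_attach_disconnected": "disconnected path" in f.get("info", ""),
        "rule": f"{path} {f.get('denied_mask', '')},",
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any rule it proposes should be reviewed before it goes into a profile, since it only reflects what was denied, not what the confined program should be allowed to do.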