Opened 5 years ago

Last modified 17 months ago

#18294 new defect

systemd AppArmorProfile= directive unavailable leads to not loading AppArmor profile on Debian jessie

Reported by: adrelanos Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: debian, systemd, apparmor, distribution, downstream
Cc: weasel Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Tor version:
Tor version installed from:

/lib/systemd/system/tor@default.service uses AppArmorProfile=system_tor.

Debian jessie's (currently: Debian stable) version of systemd was compiled without AppArmor support.

(The systemd version that is available from Debian stretch (currently: Debian testing) has systemd >= 217 has AppArmor support.)


Therefore the AppArmor profile will not be load.

Child Tickets

Change History (6)

comment:1 Changed 5 years ago by intrigeri

Cc: intrigeri removed

JFTR, I personally won't spend time on it given it's fixed in Stretch already, and doesn't affect the tor package that's available in Jessie. Hint to anyone who wants to work on it: have ExecStart= wrap tor with aa-exec if AppArmor is enabled on the system.

comment:2 Changed 4 years ago by nickm

Keywords: debian systemd apparmor added

comment:3 Changed 4 years ago by nickm

Milestone: Tor: unspecified

comment:4 Changed 3 years ago by nickm

Keywords: distribution downstream added

comment:5 Changed 2 years ago by traumschule

Keywords: debian systemd apparmor distribution downstreamdebian, systemd, apparmor, distribution, downstream

group tickets related to AppArmorForTBB/tor packages

comment:6 Changed 17 months ago by arma

This ticket might be resolved (from our side) if we resolve #30797?

Note: See TracTickets for help on using tickets.