Opened 3 years ago

Last modified 6 months ago

#18294 new defect

systemd AppArmorProfile= directive unavailable leads to not loading AppArmor profile on Debian jessie

Reported by: adrelanos Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: debian, systemd, apparmor, distribution, downstream
Cc: weasel Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor version: 0.2.7.6-1~d80.jessie+1
Tor version installed from: deb.torproject.org

/lib/systemd/system/tor@default.service uses AppArmorProfile=system_tor.

Debian jessie's (currently: Debian stable) version of systemd was compiled without AppArmor support.

(The systemd version that is available from Debian stretch (currently: Debian testing) has systemd >= 217 has AppArmor support.)

Source:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760526

Therefore the AppArmor profile will not be load.

Child Tickets

Change History (5)

comment:1 Changed 3 years ago by intrigeri

Cc: intrigeri removed

JFTR, I personally won't spend time on it given it's fixed in Stretch already, and doesn't affect the tor package that's available in Jessie. Hint to anyone who wants to work on it: have ExecStart= wrap tor with aa-exec if AppArmor is enabled on the system.

comment:2 Changed 3 years ago by nickm

Keywords: debian systemd apparmor added

comment:3 Changed 2 years ago by nickm

Milestone: Tor: unspecified

comment:4 Changed 21 months ago by nickm

Keywords: distribution downstream added

comment:5 Changed 6 months ago by traumschule

Keywords: debian systemd apparmor distribution downstreamdebian, systemd, apparmor, distribution, downstream

group tickets related to AppArmorForTBB/tor packages

Note: See TracTickets for help on using tickets.