meek-client on ubuntu requires apparmor profile adjustment for system_tor
meek-client
$ apt-cache policy tor tor: Installed: 0.2.7.6-1ubuntu1
$ apt-cache policy meek-client meek-client: Installed: 0.20+git20151006-1 Candidate: 0.20+git20151006-1 Version table: *** 0.20+git20151006-1 500 500 https://people.debian.org/~infinity0/apt unstable/contrib amd64 Packages
$ dmesg | tail -n 1 [ 2553.433359] audit: type=1400 audit(1466045658.589:84): apparmor="DENIED" operation="open" profile="system_tor" name="/proc/sys/net/core/somaxconn" pid=7983 comm="meek-client" requested_mask="r" denied_mask="r" fsuid=117 ouid=0
You need to add the following to your config at /etc/apparmor.d/system_tor:
/proc/sys/net/core/somaxconn r,
This allows meek-client to read the procfs setting when called by tor.
Trac:
Username: 6h72Q484AddGha8H