Opened 2 years ago

Last modified 8 months ago

#21436 new defect

fteproxy does not work on Debian stretch / document fteproxy usage on Debian stretch

Reported by: adrelanos
Owned by: kpdyer
Priority: Medium
Milestone:
Component: Archived/FTE
Version:
Severity: Normal
Keywords: apparmor
Cc: whonix-devel@…, foss@…, irl, kpdyer
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Using fteproxy on Debian stretch isn't straightforward. So far no luck.

From /lib/systemd/system/tor@default.service, the AppArmor profile gets in the way:

AppArmorProfile=system_tor

Also, the other systemd hardening results in:

Could not launch managed proxy executable at '/usr/bin/fteproxy' ('Permission denied').

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/var/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE

Even with all of that disabled, Tor does not successfully bootstrap.

Feb 11 06:26:01.000 [notice] Bootstrapped 5%: Connecting to directory server
Feb 11 06:26:01.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Feb 11 06:26:01.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 6; recommendation warn; host redacted at IP:PORT)
Feb 11 06:26:01.000 [warn] 6 connections have failed:

I guess my torrc config is fine. Copied that part over from TBB to system Tor /etc/tor/torrc.

UseBridges 1
ClientTransportPlugin fte exec /usr/bin/fteproxy --managed
Bridge fte IP:PORT redacted

Any hints what I am doing wrong? (Not in a censored area. TBB without bridges as well as fteproxy works for me. Debian stretch system Tor with Debian fteproxy packages does not work for me.)

I am asking for Whonix integration purposes.
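
One way to confirm whether the system_tor AppArmor profile is the layer denying the exec of /usr/bin/fteproxy, added here as an example (not part of the ticket, and not Tor or Debian tooling): parse the kernel's AppArmor audit lines and count denials for that profile. The log lines are constructed samples in the kernel audit format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed kernel audit lines (not from the ticket) in the format AppArmor
# uses for its events; host name, pids, timestamps and uids are made up.
SAMPLE_LOG = """\
Feb 11 06:25:58 host kernel: audit: type=1400 audit(1486794358.101:41): apparmor="DENIED" operation="exec" profile="system_tor" name="/usr/bin/fteproxy" pid=1234 comm="tor" requested_mask="x" denied_mask="x" fsuid=107 ouid=0
Feb 11 06:25:58 host kernel: audit: type=1400 audit(1486794358.102:42): apparmor="DENIED" operation="exec" profile="system_tor" name="/usr/bin/fteproxy" pid=1235 comm="tor" requested_mask="x" denied_mask="x" fsuid=107 ouid=0
Feb 11 06:25:59 host kernel: audit: type=1400 audit(1486794359.500:43): apparmor="ALLOWED" operation="open" profile="other_profile" name="/etc/hosts" pid=999 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 11 06:26:01 host tor[1234]: Could not launch managed proxy executable at '/usr/bin/fteproxy' ('Permission denied').
"""

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_fields(line):
    """Split an audit line into its key=value fields, unquoting quoted values."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(2)) for m in KV.finditer(line)}

def denials(log_text, profile):
    """Return {(operation, name, denied_mask): count} for DENIED events of one profile."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        if "apparmor=" not in line:
            continue  # not an AppArmor audit record
        f = parse_fields(line)
        if f.get("apparmor") == "DENIED" and f.get("profile") == profile:
            key = (f.get("operation", ""), f.get("name", ""), f.get("denied_mask", ""))
            counts[key] += 1
    return dict(counts)

def blocked_exec(log_text, profile, path):
    """True if the profile denied execute permission on the given path."""
    return any(op == "exec" and name == path and "x" in mask
               for (op, name, mask) in denials(log_text, profile))

if __name__ == "__main__":
    for (op, name, mask), n in denials(SAMPLE_LOG, "system_tor").items():
        print(f"{n}x DENIED {op} {name} (mask {mask})")
    print("exec blocked:", blocked_exec(SAMPLE_LOG, "system_tor", "/usr/bin/fteproxy"))
```

On a live system the input would be the kernel log, for example the output of `journalctl -k`. If no denial for the profile shows up, the 'Permission denied' comes from another layer, such as the systemd directives listed above.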

Change History (1)

comment:1 Changed 8 months ago by traumschule

Keywords: apparmor added

group tickets related to AppArmorForTBB/tor packages
