Bug #10528
Restore AppArmor confinement of Tor on Jessie
Start date: 2015-11-10
Due date:
% Done: 100%
Description
feature/jessie now has Tor 0.2.7 packages that ship with systemd unit files (which is good as it allows us to resolve Feature #5750). The problem is that they don’t turn on the AppArmor profile, which is a regression vs. Wheezy-based Tails.
Subtasks
History
#1 Updated by intrigeri 2015-11-10 02:38:14
- blocks #8668 added
#2 Updated by intrigeri 2015-11-10 02:39:12
Implementation ideas salvaged from Feature #5750:
- renaming the system_tor profile to usr.sbin.tor: should work, highly Tails-specific but so trivial that it’s no big deal — and we can get rid of this hack in Tails/Stretch
- wrapping the tor daemon’s startup with aa-exec
- a more recent systemd than Jessie’s one, hopefully from jessie-backports, compiled with AppArmor support (which is the case since 218-4 in Debian experimental)
- rebuilding Jessie’s systemd with AppArmor support (I’ve been using that for months)
#3 Updated by intrigeri 2015-11-10 02:45:22
- related to Feature #5750: Supervise critical services added
#4 Updated by intrigeri 2015-11-10 03:00:41
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 10
Got a fix locally, testing.
#5 Updated by intrigeri 2015-11-10 03:48:44
- Status changed from In Progress to Resolved
- % Done changed from 10 to 100
Applied in changeset commit:fa5e9988d3ea1a99fa1671567b49fb71abe9704c.
#6 Updated by intrigeri 2015-11-10 03:49:26
- Assignee deleted (intrigeri)
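
A regression check for the problem this ticket describes, as an added example that is not part of the ticket or of the Tails code base: it reads the AppArmor label of every running process named tor and fails unless each one is confined in enforce mode. The function names, the overridable proc root and the default expected profile name system_tor (taken from the profile name mentioned above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that every "tor" process is confined by AppArmor.
# The kernel exposes a task's AppArmor label in /proc/PID/attr/current,
# either "unconfined" or "PROFILE (MODE)", e.g. "system_tor (enforce)".

# aa_label PID [PROC_ROOT]
# Print the AppArmor label of PID; return 2 if it cannot be read.
aa_label() {
    label_file="${2:-/proc}/$1/attr/current"
    [ -r "$label_file" ] || return 2
    # Strip the trailing newline (and any NUL terminator) from the label.
    tr -d '\000\n' < "$label_file"
}

# check_tor_confined [PROC_ROOT] [EXPECTED_PROFILE]
# Return 0 only if at least one tor process exists and all of them run
# under EXPECTED_PROFILE in enforce mode; 1 if any is not; 2 if none found.
# PROC_ROOT is overridable so the check can run against a constructed tree.
check_tor_confined() {
    proc_root=${1:-/proc}
    want=${2:-system_tor}   # assumption: profile name as mentioned in the ticket
    found=0
    bad=0
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        [ "$(cat "$dir/comm")" = "tor" ] || continue
        found=1
        pid=${dir##*/}
        label=$(aa_label "$pid" "$proc_root") || label="unreadable"
        case $label in
            "$want (enforce)")
                echo "OK   pid $pid: $label" ;;
            *)
                # unconfined, complain mode, or an unexpected profile
                echo "FAIL pid $pid: $label"
                bad=1 ;;
        esac
    done
    if [ "$found" -ne 1 ]; then
        echo "FAIL no tor process found"
        return 2
    fi
    return "$bad"
}
```

On a live system, call check_tor_confined with no arguments; reading another user's label usually requires root.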