Bug #14603: Remove custom apparmor profile for tor

Bug #14603

Remove custom apparmor profile for tor

Added by groente 2017-09-05 09:53:52 . Updated 2018-01-06 21:31:26 .

Status:

Resolved

Priority:

Normal

Assignee:

groente

Category:

Infrastructure

Target version:

Tails_3.5

Start date:

2017-09-05

Due date:

% Done:

100%

Feature Branch:

Type of work:

Sysadmin

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

We currently maintain a custom apparmor profile for tor, let’s see if we can get rid of that and use debian defaults instead.

Subtasks

Related issues

Related to Tails - ~~Feature #13581~~: Update AppArmor profile for tor/obfs4proxy	Resolved	2017-08-04
Blocks Tails - Feature #13242: Core work: Sysadmin (Maintain our already existing services)	Confirmed	2017-06-29

History

#1 Updated by intrigeri 2017-09-05 10:27:17

related to ~~Feature #13581~~: Update AppArmor profile for tor/obfs4proxy added

#2 Updated by groente 2017-09-07 13:38:29

blocks Feature #13242: Core work: Sysadmin (Maintain our already existing services) added

#3 Updated by groente 2017-09-07 13:40:45

Status changed from New to Confirmed

#4 Updated by anonym 2017-11-15 11:30:57

Target version changed from Tails_3.3 to Tails_3.5

#5 Updated by groente 2018-01-06 15:39:56

Assignee changed from groente to intrigeri
QA Check set to Info Needed

completely removing the modules/site_tor directory from puppet-lizard-manifests and pinning the tor package to backports should do the trick here, no?

#6 Updated by intrigeri 2018-01-06 16:23:47

Assignee changed from intrigeri to groente

> completely removing the modules/site_tor directory from puppet-lizard-manifests and pinning the tor package to backports should do the trick here, no?

Sorry, I lack the background info here and retrieving it all myself into my hot cache would basically take me 99% of the time I would need if I was tackling this ticket myself, which would be a problem. So I’ll need you to help me help you :)

I see that our custom abstractions/tor is functionally equivalent to what I have on my sid with tor 0.3.2.8-rc-1.

We already install tor from deb.torproject.org, at least on bridge.lizard where this stuff matters. Why would we need the version from backports?

Hint: apt-cache madison tor, rmadison tor, apt-cache policy tor :)

#7 Updated by groente 2018-01-06 16:44:33

Assignee changed from groente to intrigeri

aah, i checked the debian packages of tor and the relevant changes were in stretch-backports, but not in stretch. the package from torproject looks good, though, so no need for backports.

with that in mind, just removing the site_tor directory should suffice, no?

#8 Updated by intrigeri 2018-01-06 21:04:44

Assignee changed from intrigeri to groente

> with that in mind, just removing the site_tor directory should suffice, no?

I guess so. Then reload the profile apparmor_parser -r /etc/apparmor.d/system_tor and restart the tor@default.service to apply and make sure it still works.

#9 Updated by groente 2018-01-06 21:31:26

Status changed from Confirmed to Resolved
% Done changed from 0 to 100

it still works.