Bug #14603
Remove custom apparmor profile for tor
100%
Description
We currently maintain a custom apparmor profile for tor, let’s see if we can get rid of that and use debian defaults instead.
Subtasks
Related issues
Related to Tails - |
Resolved | 2017-08-04 | |
Blocks Tails - Feature #13242: Core work: Sysadmin (Maintain our already existing services) | Confirmed | 2017-06-29 |
History
#1 Updated by intrigeri 2017-09-05 10:27:17
- related to
Feature #13581: Update AppArmor profile for tor/obfs4proxy added
#2 Updated by groente 2017-09-07 13:38:29
- blocks Feature #13242: Core work: Sysadmin (Maintain our already existing services) added
#3 Updated by groente 2017-09-07 13:40:45
- Status changed from New to Confirmed
#4 Updated by anonym 2017-11-15 11:30:57
- Target version changed from Tails_3.3 to Tails_3.5
#5 Updated by groente 2018-01-06 15:39:56
- Assignee changed from groente to intrigeri
- QA Check set to Info Needed
completely removing the modules/site_tor directory from puppet-lizard-manifests and pinning the tor package to backports should do the trick here, no?
#6 Updated by intrigeri 2018-01-06 16:23:47
- Assignee changed from intrigeri to groente
> completely removing the modules/site_tor directory from puppet-lizard-manifests and pinning the tor package to backports should do the trick here, no?
Sorry, I lack the background info here and retrieving it all myself into my hot cache would basically take me 99% of the time I would need if I was tackling this ticket myself, which would be a problem. So I’ll need you to help me help you :)
I see that our custom abstractions/tor
is functionally equivalent to what I have on my sid with tor 0.3.2.8-rc-1.
We already install tor from deb.torproject.org, at least on bridge.lizard where this stuff matters. Why would we need the version from backports?
Hint: apt-cache madison tor
, rmadison tor
, apt-cache policy tor
:)
#7 Updated by groente 2018-01-06 16:44:33
- Assignee changed from groente to intrigeri
aah, i checked the debian packages of tor and the relevant changes were in stretch-backports, but not in stretch. the package from torproject looks good, though, so no need for backports.
with that in mind, just removing the site_tor directory should suffice, no?
#8 Updated by intrigeri 2018-01-06 21:04:44
- Assignee changed from intrigeri to groente
> with that in mind, just removing the site_tor directory should suffice, no?
I guess so. Then reload the profile apparmor_parser -r /etc/apparmor.d/system_tor
and restart the tor@default.service to apply and make sure it still works.
#9 Updated by groente 2018-01-06 21:31:26
- Status changed from Confirmed to Resolved
- % Done changed from 0 to 100
it still works.