Tor requires an apparmor hack #2

Open · opened 8 months ago by southerntofu (Owner) · 0 comments

[Debian ticket](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888728)

The AppArmor profile from `tor@default.service` (`/etc/apparmor.d/abstractions/tor`) does not allow reading from `/etc/tor/onions/*.conf`, which we use so we don't clutter the whole `/etc/tor/` folder.

Workaround in `roles/tor/tasks/main.yml`:

```
- name: "Ensure tor can read config (apparmor)"
  lineinfile:
    path: /etc/apparmor.d/abstractions/tor
    regexp: "/etc/tor/\\* r,"
    line: "/etc/tor/** r,"
    state: present
  register: apparmor
- name: "Restart apparmor"
  service:
    name: apparmor
    state: restarted
  when: apparmor.changed
```

This should be fixed at some point upstream.
southerntofu added the upstream and bug labels 8 months ago
southerntofu added the role-tor label 8 months ago
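
A narrower variant of the workaround in this issue, as an added example that is not from the issue or the project's role: it leaves the packaged abstraction untouched and grants read access only to the onion configs through a local include. It assumes Debian's tor package, whose profile is named `system_tor` and includes `local/system_tor`, and that this role owns that local file; the task names and the `apparmor_local` variable are illustrative.

```yaml
# Added example, not the project's tasks.
# Assumption: /etc/apparmor.d/system_tor (Debian tor package) contains
#   #include <local/system_tor>
# and nothing else manages /etc/apparmor.d/local/system_tor.
- name: "Allow tor to read onion configs only (apparmor local override)"
  copy:
    dest: /etc/apparmor.d/local/system_tor
    content: |
      # Managed by Ansible: site-specific additions to the system_tor profile.
      # Directory listing plus read access to the included config files only,
      # instead of widening the abstraction to /etc/tor/** r,
      /etc/tor/onions/ r,
      /etc/tor/onions/*.conf r,
    owner: root
    group: root
    mode: "0644"
  register: apparmor_local

# Parse without touching the kernel or the cache, so a typo in the override
# fails the play here instead of leaving the profile unloaded.
- name: "Check that the tor profile still parses"
  command: apparmor_parser --skip-kernel-load --skip-cache /etc/apparmor.d/system_tor
  changed_when: false
  when: apparmor_local.changed

# Replace only the tor profile rather than restarting the apparmor service.
- name: "Reload the tor profile"
  command: apparmor_parser -r /etc/apparmor.d/system_tor
  when: apparmor_local.changed
```

Because the override lives under `local/`, a package upgrade that replaces `/etc/apparmor.d/abstractions/tor` does not revert it.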