Control: tag -1 + moreinfo

Hi Arto,

Arto Jantunen wrote (30 Apr 2015 17:46:00 GMT) :
> Attached is a patch to enable the systemd service file, and modify it to
> mimick the behavior of the current initscript.

Thanks!

Two questions:

1. Was this tested with pluggable transports, e.g. obfs4proxy?
   I've seen occurences in the past of hardening features of systemd
   breaking such things.

2. The unit file doesn't seem to confine the Tor service with AppArmor
   when available, which is a regression vs. the current initscript,
   right? It might be that `AppArmorProfile = system_tor' is enough to
   make this work with systemd v217+ (in experimental), although in
   the past it wasn't compatible with `NoNewPrivileges = yes'. See the
   discussion on Debian#760526, and the one in the "[PATCH] Move
   apparmor code before the namespace setup" thread on the
   [email protected] mailing-list for details.

Cheers,
-- 
intrigeri


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to