Bug#903654: tor: Tor doesn't start because of AppArmor

Thu, 12 Jul 2018 08:18:39 -0700 

Package: tor
Version: 0.2.9.15-1
Severity: normal

Dear Maintainer,

I installed Tor on my machine and haven't made any change to its config yet,
as far as I know.
But when I start it, AppArmor seems to stop it right at the start.
More specifically, I get:

    # /etc/init.d/tor stop 
    [ ok ] Stopping tor (via systemctl): tor.service.
    # /etc/init.d/tor start
    [ ok ] Starting tor (via systemctl): tor.service.
    # /etc/init.d/tor status
     tor.service - Anonymizing overlay network for TCP (multi-instance-master)
       Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: 
enabled)
       Active: active (exited) since Thu 2018-07-12 11:03:03 EDT; 2min 39s ago
      Process: 6842 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
     Main PID: 6842 (code=exited, status=0/SUCCESS)
        Tasks: 0 (limit: 4915)
       Memory: 0B
          CPU: 0
       CGroup: /system.slice/tor.service

    Jul 12 11:03:03 faina systemd[1]: Starting Anonymizing overlay network for 
TCP (multi-instance-master)...
    Jul 12 11:03:03 faina systemd[1]: Started Anonymizing overlay network for 
TCP (multi-instance-master).
    #

and `journalctl -f` on the "start" part gives me:

    Jul 12 11:03:03 faina systemd[1]: Starting Anonymizing overlay network for 
TCP...
    Jul 12 11:03:03 faina systemd[1]: Started Anonymizing overlay network for 
TCP (multi-instance-master).
    Jul 12 11:03:04 faina tor[6862]: Jul 12 11:03:04.973 [notice] Tor 0.2.9.15 
(git-2dc1a1a2abab5403) running on Linux with Libevent 2.0.21-stable, OpenSSL 
1.1.0f and Zlib 1.2.8.
    Jul 12 11:03:04 faina tor[6862]: Jul 12 11:03:04.974 [notice] Tor can't 
help you if you use it wrong! Learn how to be safe at 
https://www.torproject.org/download/download#warning
    Jul 12 11:03:04 faina tor[6862]: Jul 12 11:03:04.974 [notice] Read 
configuration file "/usr/share/tor/tor-service-defaults-torrc".
    Jul 12 11:03:04 faina tor[6862]: Jul 12 11:03:04.974 [notice] Read 
configuration file "/etc/tor/torrc".
    Jul 12 11:03:05 faina tor[6862]: Configuration was valid
    Jul 12 11:03:05 faina audit[6873]: AVC apparmor="DENIED" 
operation="change_onexec" info="label not found" error=-2 profile="unconfined" 
name="system_tor" pid=6873 comm="(tor)"
    Jul 12 11:03:05 faina kernel: audit: type=1400 audit(1531407785.239:26): 
apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 
profile="unconfined" name="system_tor" pid=6873 comm="(tor)"
    Jul 12 11:03:05 faina systemd[6873]: tor@default.service: Failed at step 
APPARMOR spawning /usr/bin/tor: No such file or directory
    Jul 12 11:03:05 faina systemd[1]: tor@default.service: Main process exited, 
code=exited, status=231/APPARMOR
    Jul 12 11:03:05 faina systemd[1]: Failed to start Anonymizing overlay 
network for TCP.
    Jul 12 11:03:05 faina systemd[1]: tor@default.service: Unit entered failed 
state.
    Jul 12 11:03:05 faina systemd[1]: tor@default.service: Failed with result 
'exit-code'.
    Jul 12 11:03:05 faina systemd[1]: tor@default.service: Service hold-off 
time over, scheduling restart.
    Jul 12 11:03:05 faina systemd[1]: Stopped Anonymizing overlay network for 
TCP.

repeated 5 times.

I do see some tor-related file in /etc, tho:

    # find /etc/apparmor* -name '*tor*'
    /etc/apparmor.d/abstractions/tor
    /etc/apparmor.d/local/system_tor
    /etc/apparmor.d/system_tor
    #

What am I doing wrong?


        Stefan


-- System Information:
Debian Release: 9.4
  APT prefers stable
  APT policy: (990, 'stable'), (50, 'testing')
Architecture: armhf (armv7l)

Kernel: Linux 4.15.0-rc2+ (SMP w/2 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tor depends on:
ii  adduser              3.115
ii  init-system-helpers  1.48
ii  libc6                2.24-11+deb9u3
ii  libevent-2.0-5       2.0.21-stable-3
ii  libgcc1              1:6.3.0-18+deb9u1
ii  libssl1.1            1.1.0f-3+deb9u2
ii  libsystemd0          232-25+deb9u2
ii  lsb-base             9.20161125
ii  zlib1g               1:1.2.8.dfsg-5

Versions of packages tor recommends:
ii  logrotate    3.11.0-0.1
pn  tor-geoipdb  <none>
pn  torsocks     <none>

Versions of packages tor suggests:
pn  apparmor-utils       <none>
pn  mixmaster            <none>
pn  obfs4proxy           <none>
pn  obfsproxy            <none>
ii  socat                1.7.3.1-2+deb9u1
pn  tor-arm              <none>
pn  torbrowser-launcher  <none>

-- no debconf information

Reply via email to