Dear maintainer,
sorry to add another update:
The log messages that I saw seem to be unrelated.
I found the trigger that breaks the service: A cronjob that updates the
/etc/hosts.deny file.
I can reproduce the problem by running (as root):
cp /etc/hosts.deny xxx; chmod 0644 xxx; mv xxx /etc/hosts.deny
Currently, I do not know how to actually fix this (the workaround is to restart
sslh after updating the hosts.deny file).
However, my initial report is still valid: With apparmor enabled (seems to be
default), sslh does not work at all for me.
My current /etc/apparmor.d/usr.sbin.sslh is as follows:
------------- 8< -------------------------------------------
include <tunables/global>
profile sslh /usr/sbin/sslh flags=(attach_disconnected, complain) {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/hosts_access>
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
capability sys_resource,
/usr/sbin/sslh pix,
network tcp,
unix (send) type=stream,
@{etc_ro}/sslh/** r,
owner @{run}/sslh/sslh.pid rw,
}
------------- 8< -------------------------------------------
Bye,
Daniel