Dear maintainer,

sorry to add another update:

The log messages that I saw seem to be unrelated.
I found the trigger that breaks the service: A cronjob that updates the 
/etc/hosts.deny file.

I can reproduce the problem by running (as root):

  cp /etc/hosts.deny xxx; chmod 0644 xxx; mv xxx /etc/hosts.deny

Currently, I do not know how to actually fix this (the workaround is to restart 
sslh after updating the hosts.deny file).

However, my initial report is still valid: With apparmor enabled (seems to be 
default), sslh does not work at all for me.

My current /etc/apparmor.d/usr.sbin.sslh is as follows:

------------- 8< -------------------------------------------
include <tunables/global>

profile sslh /usr/sbin/sslh flags=(attach_disconnected, complain) {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
   include <abstractions/hosts_access>

   capability net_bind_service,
   capability setgid,
   capability setuid,
   capability sys_chroot,
   capability sys_resource,

   /usr/sbin/sslh pix,

   network tcp,
   unix (send) type=stream,

   @{etc_ro}/sslh/** r,
   owner @{run}/sslh/sslh.pid rw,
}
------------- 8< -------------------------------------------

Bye,
   Daniel
