Package: tor
Version: 0.2.9.15-1
Severity: normal
Dear Maintainer,
I installed Tor on my machine and haven't made any change to its config yet,
as far as I know.
But when I start it, AppArmor seems to stop it right at the start.
More specifically, I get:
# /etc/init.d/tor stop
[ ok ] Stopping tor (via systemctl): tor.service.
# /etc/init.d/tor start
[ ok ] Starting tor (via systemctl): tor.service.
# /etc/init.d/tor status
tor.service - Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset:
enabled)
Active: active (exited) since Thu 2018-07-12 11:03:03 EDT; 2min 39s ago
Process: 6842 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 6842 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
Memory: 0B
CPU: 0
CGroup: /system.slice/tor.service
Jul 12 11:03:03 faina systemd[1]: Starting Anonymizing overlay network for
TCP (multi-instance-master)...
Jul 12 11:03:03 faina systemd[1]: Started Anonymizing overlay network for
TCP (multi-instance-master).
#
and `journalctl -f` on the "start" part gives me:
Jul 12 11:03:03 faina systemd[1]: Starting Anonymizing overlay network for
TCP...
Jul 12 11:03:03 faina systemd[1]: Started Anonymizing overlay network for
TCP (multi-instance-master).
Jul 12 11:03:04 faina tor[6862]: Jul 12 11:03:04.973 [notice] Tor 0.2.9.15
(git-2dc1a1a2abab5403) running on Linux with Libevent 2.0.21-stable, OpenSSL
1.1.0f and Zlib 1.2.8.
Jul 12 11:03:04 faina tor[6862]: Jul 12 11:03:04.974 [notice] Tor can't
help you if you use it wrong! Learn how to be safe at
https://www.torproject.org/download/download#warning
Jul 12 11:03:04 faina tor[6862]: Jul 12 11:03:04.974 [notice] Read
configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jul 12 11:03:04 faina tor[6862]: Jul 12 11:03:04.974 [notice] Read
configuration file "/etc/tor/torrc".
Jul 12 11:03:05 faina tor[6862]: Configuration was valid
Jul 12 11:03:05 faina audit[6873]: AVC apparmor="DENIED"
operation="change_onexec" info="label not found" error=-2 profile="unconfined"
name="system_tor" pid=6873 comm="(tor)"
Jul 12 11:03:05 faina kernel: audit: type=1400 audit(1531407785.239:26):
apparmor="DENIED" operation="change_onexec" info="label not found" error=-2
profile="unconfined" name="system_tor" pid=6873 comm="(tor)"
Jul 12 11:03:05 faina systemd[6873]: tor@default.service: Failed at step
APPARMOR spawning /usr/bin/tor: No such file or directory
Jul 12 11:03:05 faina systemd[1]: tor@default.service: Main process exited,
code=exited, status=231/APPARMOR
Jul 12 11:03:05 faina systemd[1]: Failed to start Anonymizing overlay
network for TCP.
Jul 12 11:03:05 faina systemd[1]: tor@default.service: Unit entered failed
state.
Jul 12 11:03:05 faina systemd[1]: tor@default.service: Failed with result
'exit-code'.
Jul 12 11:03:05 faina systemd[1]: tor@default.service: Service hold-off
time over, scheduling restart.
Jul 12 11:03:05 faina systemd[1]: Stopped Anonymizing overlay network for
TCP.
repeated 5 times.
I do see some tor-related file in /etc, tho:
# find /etc/apparmor* -name '*tor*'
/etc/apparmor.d/abstractions/tor
/etc/apparmor.d/local/system_tor
/etc/apparmor.d/system_tor
#
What am I doing wrong?
Stefan
-- System Information:
Debian Release: 9.4
APT prefers stable
APT policy: (990, 'stable'), (50, 'testing')
Architecture: armhf (armv7l)
Kernel: Linux 4.15.0-rc2+ (SMP w/2 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages tor depends on:
ii adduser 3.115
ii init-system-helpers 1.48
ii libc62.24-11+deb9u3
ii libevent-2.0-5 2.0.21-stable-3
ii libgcc1 1:6.3.0-18+deb9u1
ii libssl1.11.1.0f-3+deb9u2
ii libsystemd0 232-25+deb9u2
ii lsb-base 9.20161125
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages tor recommends:
ii logrotate3.11.0-0.1
pn tor-geoipdb
pn torsocks
Versions of packages tor suggests:
pn apparmor-utils
pn mixmaster
pn obfs4proxy
pn obfsproxy
ii socat1.7.3.1-2+deb9u1
pn tor-arm
pn torbrowser-launcher
-- no debconf information