As mentioned in other comments, this is fixed in 17.04, so marking the
tor task as Invalid (it is an issue in the apparmor abstractions, not
tor) and marking the apparmor task as Fix Released. If someone wants to
perform the SRU or supply debdiffs, please open tasks against the
particular releases to be SRU'd.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: tor (Ubuntu)
Status: Incomplete => Invalid
--
https://bugs.launchpad.net/bugs/1670408
Title:
Missing apparmor rules cause tor to fail to start
Status in apparmor package in Ubuntu:
Fix Released
Status in tor package in Ubuntu:
Invalid
Bug description:
Using tor 0.2.9.9-1ubuntu1 with Linux 4.10.0-9-generic on Zesty, tor
fails to start after installing the tor package. "systemctl status
tor@default" reports:
Mar 06 16:04:00 zesty systemd[1]: [email protected]: Main process exited,
code=killed, status=11/SEGV
Mar 06 16:04:00 zesty systemd[1]: Failed to start Anonymizing overlay network
for TCP.
Mar 06 16:04:00 zesty systemd[1]: [email protected]: Unit entered failed
state.
Mar 06 16:04:00 zesty systemd[1]: [email protected]: Failed with result
'signal'.
There are two AppArmor denials in the kernel log:
Mar 6 15:53:12 zesty-test kernel: [ 102.699647] audit: type=1400
audit(1488815592.268:35): apparmor="DENIED" operation="file_inherit"
namespace="root//lxd-zesty_<var-lib-lxd>" profile="system_tor"
name="/run/systemd/journal/stdout" pid=3520 comm="tor"
requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Mar 6 15:53:12 zesty-test kernel: [ 102.702418] audit: type=1400
audit(1488815592.272:37): apparmor="DENIED" operation="file_mmap"
namespace="root//lxd-zesty_<var-lib-lxd>" profile="system_tor"
name="/usr/bin/tor" pid=3520 comm="tor" requested_mask="m"
denied_mask="m" fsuid=100000 ouid=100000
Workaround: add the following two lines to /etc/apparmor.d/system_tor:
/usr/bin/tor m,
/run/systemd/journal/stdout rw,
I couldn't remember how to get that profile reloaded, so I rebooted,
and after the reboot tor does start up successfully. "systemctl
tor@default" reports it as running.
I haven't checked to see if only one or other rule is actually
required.
Importance -> High since this bug makes the package unusable in its
default configuration on Zesty. Since the AppArmor profile comes from
Debian's 0.2.9.9-1, this should probably be fixed in Debian.
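Added example (not part of the original bug report and not AppArmor's own tooling): a small Python parser that turns the two denial records quoted in the bug description into candidate file rules, reproducing the two workaround lines. The function names and the re-joined sample log are constructed for illustration; exec ("x") denials are skipped here because they need a transition mode chosen by hand.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the bug description, each re-joined onto one line.
SAMPLE_LOG = """\
Mar 6 15:53:12 zesty-test kernel: [ 102.699647] audit: type=1400 audit(1488815592.268:35): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-zesty_<var-lib-lxd>" profile="system_tor" name="/run/systemd/journal/stdout" pid=3520 comm="tor" requested_mask="wr" denied_mask="wr" fsuid=100000 ouid=100000
Mar 6 15:53:12 zesty-test kernel: [ 102.702418] audit: type=1400 audit(1488815592.272:37): apparmor="DENIED" operation="file_mmap" namespace="root//lxd-zesty_<var-lib-lxd>" profile="system_tor" name="/usr/bin/tor" pid=3520 comm="tor" requested_mask="m" denied_mask="m" fsuid=100000 ouid=100000
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
PERM_ORDER = "rwalkm"                              # output order; "x" is left to a human
LOG_ONLY = str.maketrans("cd", "ww")               # create/delete in logs map to write


def parse_denial(line):
    """Return the key/value fields of one AppArmor DENIED record, else None."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        # The audit subsystem hex-encodes names that contain unsafe bytes
        # (spaces, quotes) and then emits them without surrounding quotes.
        if key == "name" and bare and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = bare or quoted
    return fields if fields.get("apparmor") == "DENIED" else None


def suggest_rules(log_text):
    """Map profile name -> list of file rules covering the denied masks."""
    perms = defaultdict(set)                       # (profile, path) -> letters
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec and {"profile", "name", "denied_mask"} <= rec.keys():
            mask = rec["denied_mask"].translate(LOG_ONLY)
            perms[(rec["profile"], rec["name"])].update(mask)
    rules = defaultdict(list)
    for (profile, path), letters in sorted(perms.items()):
        mask = "".join(p for p in PERM_ORDER if p in letters)
        if mask:                                   # nothing left if only "x" was denied
            quoted_path = f'"{path}"' if " " in path else path
            rules[profile].append(f"{quoted_path} {mask},")
    return dict(rules)


if __name__ == "__main__":
    for profile, lines in suggest_rules(SAMPLE_LOG).items():
        print(f"# candidate additions for profile {profile}")
        print("\n".join(f"  {rule}" for rule in lines))
```

After editing /etc/apparmor.d/system_tor, the profile can be reloaded without a reboot using apparmor_parser -r /etc/apparmor.d/system_tor.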