Drake Wilson <drake@dasyatidae.net> wrote:

thegreatwent@Safe-mail.net wrote:

...

So that mostly just leaves open the question of why managed mode obfsproxy wants to read /etc/passwd and nsswitch.conf?

Sorry for jumping in without reading the whole context, but on GNU/Linux systems, nsswitch.conf is used for determining how resolution works for host and user names (among other things), and passwd is usually needed to map names to UIDs. If there's anything that takes a "which user should I run as" parameter then it'll read those two in the process of looking up the user, for instance.

---> Drake Wilson

Thank you, I knew enough to be a bit concerned about /etc/passwd (even though there's no actual passwords in it), but not enough to know if it was an issue in this particular case! I'll continue with adding those files to the Apparmor profile and post back here when it's complete.