[tor-bugs] #17693 [Tor]: AppArmor profile denies access to run/systemd/notify

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 25 22:50:38 UTC 2015


#17693: AppArmor profile denies access to run/systemd/notify
-------------------------+-------------------------------------
     Reporter:  regar42  |      Owner:
         Type:  defect   |     Status:  new
     Priority:  High     |  Milestone:
    Component:  Tor      |    Version:  Tor: 0.2.7.5
     Severity:  Normal   |   Keywords:  AppArmor systemd/notify
Actual Points:           |  Parent ID:
       Points:           |    Sponsor:
-------------------------+-------------------------------------
 When I upgraded from tor-0.2.6.10 to tor-0.2.7.5, I noticed my relay lost
 its Stable flag after a few days, so I started wondering why. It appears
 that I encounter this error:

   Nov 25 23:06:06 Dalekanium kernel: [12493.410382] audit: type=1400
 audit(1448489166.546:62): apparmor="DENIED" operation="sendmsg"
 info="Failed name lookup - disconnected path" error=-13
 profile="system_tor" name="run/systemd/notify" pid=9878 comm="tor"
 requested_mask="w" denied_mask="w" fsuid=0 ouid=0

 systemctl keeps restarting tor every 30 seconds because it never receives
 the signal of start success from tor.

 How to reproduce:

 - install tor-0.2.7.5
 - check syslogs

 My machine's specs:
 - apparmor 2.10-0ubuntu6
 - Ubuntu 15.10

 I fixed the bug by adding an **attach_disconnected** flag to the tor AppArmor
 profile and a write authorization on notify:
 **/{,var/}run/systemd/notify w,** as you can see in the two profiles I
 attached.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17693>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
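
A triage sketch for the denial quoted in the ticket, added here as an example and not part of the original report or of Tor's own code: it parses AppArmor `DENIED` audit records, flags those whose path lookup was disconnected (a path rule alone does not match until the profile carries `attach_disconnected`), and derives a candidate rule. The second log record and all function names are constructed for illustration.

```python
import re

# First record: the one from the ticket, re-joined onto one line.
# Second record: constructed for contrast (ordinary denial on an absolute path).
SAMPLE_LOG = '''\
Nov 25 23:06:06 Dalekanium kernel: [12493.410382] audit: type=1400 audit(1448489166.546:62): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="system_tor" name="run/systemd/notify" pid=9878 comm="tor" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Nov 25 23:07:10 examplehost kernel: [12557.000000] audit: type=1400 audit(1448489230.100:63): apparmor="DENIED" operation="open" profile="example_profile" name="/etc/example.conf" pid=4242 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_denials(text):
    """Yield one dict of fields per AppArmor DENIED audit record."""
    for line in text.splitlines():
        if 'apparmor="DENIED"' in line:
            yield {k: v.strip('"') for k, v in KV.findall(line)}

def triage(rec):
    """Return (needs_attach_disconnected, candidate_rule) for one denial."""
    name, mask = rec["name"], rec["denied_mask"]
    # A disconnected path is reported without its leading "/" and with an
    # explicit info string; both signs are checked.
    disconnected = ("disconnected path" in rec.get("info", "")
                    or not name.startswith("/"))
    # Literal path only; the ticket's rule uses /{,var/}run to cover /var/run too.
    return disconnected, "/" + name.lstrip("/") + " " + mask + ","

def summarize(text):
    """Per profile: is the flag needed, and which rules were denied."""
    out = {}
    for rec in parse_denials(text):
        flag, rule = triage(rec)
        entry = out.setdefault(rec["profile"],
                               {"attach_disconnected": False, "rules": set()})
        entry["attach_disconnected"] |= flag
        entry["rules"].add(rule)
    return out

if __name__ == "__main__":
    for profile, s in summarize(SAMPLE_LOG).items():
        flag = " flags=(attach_disconnected)" if s["attach_disconnected"] else ""
        print("profile " + profile + flag)
        for rule in sorted(s["rules"]):
            print("  " + rule)
```

The suggested rules are a starting point for review, not something to paste blindly: each one widens what the confined process may touch.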

