[tor-bugs] #13160 [meek]: make a deb of meek and get into Debian
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 23 22:52:19 UTC 2016
#13160: make a deb of meek and get into Debian
--------------------+---------------------
Reporter: proper | Owner: dcf
Type: defect | Status: new
Priority: Medium | Milestone:
Component: meek | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #17964 | Points:
Sponsor: |
--------------------+---------------------
Comment (by 6h72Q484AddGha8H):
FYI, if AppArmor is enabled, the default Tor policy will block execution
of the meek-client executable. A message like the following will be
encountered upon running Tor via the service system:
"[warn] Could not launch managed proxy executable at '/usr/bin/meek-
client' ('Operation not permitted')."
Running Tor as the root user bypasses the AppArmor policy and works fine,
but you want it to work when called via automated service commands. The
fix is to add the following line to the profile at
/etc/apparmor.d/system_tor:
/usr/bin/meek-client ix,
This allows tor to callout to the meek-client without violating AppArmor
by inheriting the execution policy ("ix"). Then you can restart both
apparmor and tor and everything should work fine.
$ sudo service apparmor restart
$ sudo service tor restart
Note: Tested on Ubuntu 15.10, but adding here so that when officially
packaged, both distros will work with AppArmor.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13160#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list