[tor-bugs] #14014 [Applications/Tor bundles/installation]: Add obfs4proxy to the default tor apparmor profile

Fri Jul 7 01:04:54 UTC 2017

#14014: Add obfs4proxy to the default tor apparmor profile
-------------------------------------------------+-------------------------
 Reporter:  vladtsyrklevich                      |          Owner:  weasel
     Type:  enhancement                          |         Status:
                                                 |  reopened
 Priority:  Low                                  |      Milestone:
Component:  Applications/Tor                     |        Version:
  bundles/installation                           |
 Severity:  Normal                               |     Resolution:
 Keywords:  apparmor obfs4                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by ccppuu):

 I can confirm the comment left by @alimj - On my own Ubuntu 16.04 test
 systems with Tor 0.3.0.9 (git-100816d92ab5664d), the latest release at the
 time of writing, AppArmor will block obfs4proxy from operating unless the
 `/etc/apparmor.d/abstractions/tor` entries for the obfs4proxy binaries are
 changed from `PUx` to `ix`.

 [https://github.com/jlund/streisand Streisand] is currently carrying a
 [https://github.com/jlund/streisand/blob/5cab34a22892666eeba9411b810f9d039706ba56/playbooks/roles
 /tor-bridge/tasks/main.yml#L50:L66 a workaround patch] that I would love
 to remove :-)

 How can I help resolve this bug upstream? Is there someone more familiar
 with AppArmor that could explain the intention of the `PUx` modifiers
 present in the debian package's abstractions file?

 Thanks! -- @cpu

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14014#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online