[tor-relays] Obfsproxy apparmor profile etc.

thegreatwent at Safe-mail.net thegreatwent at Safe-mail.net
Sat Nov 15 19:28:08 UTC 2014


OK, I updated the obfsproxy apparmor profile so it works for both standalone and managed obfs3. Needed to add a line to /etc/apparmor.d/local/system_tor too. Profiles below and included in the attachment along with an init.d definition.

/etc/apparmor.d/usr.bin.obfsproxy
-------------------
#include <tunables/global>

# vim:syntax=apparmor


/usr/bin/obfsproxy {
  #include <abstractions/base>
  #include <abstractions/python>

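  # IPv4 stream (TCP) sockets only; no inet6 and no datagram sockets
  network inet stream,

  # entropy sources
  /dev/random r,
  /dev/urandom r,
  # name service and user lookups
  /etc/nsswitch.conf r,
  /etc/passwd r,
  # read-only access to everything under /usr (Python modules and libraries)
  /usr/** r,
  # ix: a re-executed obfsproxy stays under this same profile
  /usr/bin/obfsproxy rix,
  /var/log/tor/obfsproxy rw,
  # accept SIGTERM from tor, which runs under the system_tor profile
  signal (receive) set=("term") peer=system_tor,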

}
-------------------


/etc/apparmor.d/local/system_tor
-------------------
# Site-specific additions and overrides for system_tor.
# For more details, please see /etc/apparmor.d/local/README.

  signal (send) set=("term") peer=/usr/bin/obfsproxy,
-------------------
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: obfsproxy.txt
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20141115/0b7e8352/attachment.txt>
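
Added example, not part of the original post or its attachment: when both processes are confined, AppArmor requires a signal to be allowed on both sides (send in the sender's profile, receive in the receiver's, each naming the other as peer), which is why the system_tor addition is needed. This Python sketch checks that pairing for the two rules above. It parses only the rule form used in the post and compares peer names exactly; the names granted and check_pair are made up for this example.

```python
import re

# Only the rule form used in the post is parsed, e.g.
#   signal (send) set=("term") peer=/usr/bin/obfsproxy,
RULE = re.compile(r'^\s*signal\s+\(([^)]*)\)\s+set=\(([^)]*)\)\s+peer=(\S+?)\s*,\s*$')

def _items(group):
    """Split 'send, receive' or '"term", "kill"' into a set of bare words."""
    return {w.strip('"') for w in re.split(r'[,\s]+', group) if w}

def granted(profile_text, access, peer):
    """Signals the profile text allows with `access` (send/receive) for `peer`."""
    signals = set()
    for line in profile_text.splitlines():
        m = RULE.match(line)
        if m and access in _items(m.group(1)) and m.group(3) == peer:
            signals |= _items(m.group(2))
    return signals

def check_pair(sender, sender_text, receiver, receiver_text):
    """Compare what the sender may send with what the receiver will accept."""
    sent = granted(sender_text, 'send', receiver)
    recv = granted(receiver_text, 'receive', sender)
    return {'both': sorted(sent & recv),          # allowed on both sides
            'send_only': sorted(sent - recv),     # receiver profile lacks the rule
            'receive_only': sorted(recv - sent)}  # sender profile lacks the rule

# The two signal rules as given in the post.
OBFSPROXY = '  signal (receive) set=("term") peer=system_tor,'
TOR_LOCAL = '  signal (send) set=("term") peer=/usr/bin/obfsproxy,'
# Constructed variant: peer written as a bare name instead of the profile name.
TOR_LOCAL_WRONG_PEER = '  signal (send) set=("term") peer=obfsproxy,'

if __name__ == '__main__':
    for label, tor_text in [('as posted', TOR_LOCAL),
                            ('local/system_tor empty', ''),
                            ('wrong peer name', TOR_LOCAL_WRONG_PEER)]:
        print(label, check_pair('system_tor', tor_text,
                                '/usr/bin/obfsproxy', OBFSPROXY))
```

Anything reported under send_only or receive_only is a signal that only one of the two profiles permits.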

