Control: retitle -1 AppArmor profile should support a per-user instance of Tor
Control: severity -1 normal

Hi Jack,

Jack Wearden wrote (06 Aug 2013 19:00:08 GMT) :
> I'm forwarding this bug report from Ubuntu; the original bug report is
> available here https://bugs.launchpad.net/ubuntu/+source/vidalia/+bug/680192.
> The apparmor-profile is not configured to allow vidalia to have access to the
> tor binary, and so it cannot start or stop tor.

It's correct that the current Vidalia profile only supports the
system-wide instance of Tor setup. I'm glad you're interested in
improving this!

AppArmor isn't enabled by default in Debian yet, so I'm downgrading
the severity to `normal'.

> Adding
> /usr/sbin/tor Ux,
> to debian/apparmor-profile fixes this issue

Thanks for the suggestion. However, I would find it sad to run Tor
unconfined in this use case:

  * the system-wide instance already decouples system-wide stuff in
    a `system_tor' profile, and ships `abstractions/tor' for things
    that should be shared with the use case at hand
  * the whole thing is pretty easy to correctly confine.

How about adding a `vidalia_tor' profile, that's used when running
/usr/sbin/tor from Vidalia? E.g. something like that could be a good
starting point:

    # vim:syntax=apparmor
    #include <tunables/global>

    profile vidalia_tor {
      #include <abstractions/tor>

      owner @{HOME}/.vidalia/torrc r,
      owner @{HOME}/.tor rw,
      owner @{HOME}/.tor/* rwk,

      # Site-specific additions and overrides. See local/README for details.
      #include <local/vidalia_tor>
    }

Are you interested in building upon this?

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
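
A small audit for the trade-off discussed in this message, as an added example that is not part of the original e-mail or of the Debian package: it scans AppArmor profile text and classifies every exec rule, so a `Ux` transition that leaves the child unconfined stands out from one that hands the child to a named profile. The `vidalia_sample` profile, the `Px -> vidalia_tor` rule and the function name are assumptions made for illustration.

```python
import re

# One AppArmor file rule: optional qualifiers, a path, a permission string,
# and an optional "-> target" naming the profile to transition to.
RULE = re.compile(
    r"^\s*(?P<quals>(?:(?:audit|deny|owner)\s+)*)"
    r"(?P<path>[/@]\S*)\s+(?P<perms>[A-Za-z]+)"
    r"(?:\s*->\s*(?P<target>[^\s,]+))?\s*,"
)
# Exec transition modes; longer alternatives first so "pux" is not read as "ux".
EXEC = re.compile(r"pux|cux|px|cx|ux|ix", re.IGNORECASE)

def audit_exec_rules(profile_text):
    """Return (line_no, path, exec_mode, verdict) for every allow-exec rule."""
    findings = []
    for no, line in enumerate(profile_text.splitlines(), 1):
        line = line.split("#", 1)[0]        # drops comments and #include lines
        m = RULE.match(line)
        if not m or "deny" in m["quals"]:
            continue
        x = EXEC.search(m["perms"])
        if not x:
            continue                         # plain r/w/k rule, no exec
        mode = x.group(0)
        low = mode.lower()
        if low == "ux":
            verdict = "unconfined"           # child runs with no profile
        elif low in ("pux", "cux"):
            verdict = "unconfined-fallback"  # unconfined if no profile matches
        elif low == "ix":
            verdict = "inherits-caller-profile"
        else:
            verdict = "confined:" + (m["target"] or "by-path")
        findings.append((no, m["path"], mode, verdict))
    return findings

# Constructed sample: the rule proposed in the bug report, in a stand-in profile.
BEFORE = """\
profile vidalia_sample {
  #include <abstractions/base>
  /usr/sbin/tor Ux,
}
"""
# Constructed sample: the same exec handed to a dedicated named profile instead.
AFTER = BEFORE.replace("Ux,", "Px -> vidalia_tor,")

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_exec_rules(text))
```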