intrigeri <intrig...@debian.org> writes: > Arto Jantunen wrote (30 Apr 2015 17:46:00 GMT) : >> Attached is a patch to enable the systemd service file, and modify it to >> mimick the behavior of the current initscript. > > Thanks! > > Two questions: > > 1. Was this tested with pluggable transports, e.g. obfs4proxy? > I've seen occurences in the past of hardening features of systemd > breaking such things.
No, it was not tested with pluggable transports. I'll do that and report back. Do we know if the upstream provided service file supports them as is, without my changes? > 2. The unit file doesn't seem to confine the Tor service with AppArmor > when available, which is a regression vs. the current initscript, > right? It might be that `AppArmorProfile = system_tor' is enough to > make this work with systemd v217+ (in experimental), although in > the past it wasn't compatible with `NoNewPrivileges = yes'. See the > discussion on Debian#760526, and the one in the "[PATCH] Move > apparmor code before the namespace setup" thread on the > systemd-de...@lists.freedesktop.org mailing-list for details. I wouldn't know where to start with apparmor, so it would probably be better if this was handled by someone else. -- Arto Jantunen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
