Your message dated Thu, 02 Nov 2017 21:20:18 +0000 with message-id <e1eamuq-0008wk...@fasolo.debian.org> and subject line Bug#880490: fixed in tor 0.3.1.8-2 has caused the Debian Bug report #880490, regarding tor: Does not start when the AppArmor LSM is enabled but the apparmor package is not installed to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 880490: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880490 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: tor Version: 0.3.1.8-1 Severity: grave Tags: patch X-Debugs-Cc: pkg-appar...@lists.alioth.debian.org Hi, as reported on https://lists.alioth.debian.org/pipermail/pkg-apparmor-team/2017-October/001895.html Tor does not start when the AppArmor LSM is enabled (which is the default in Linux on current sid) but the apparmor package is not installed. This is by far the most common situation for testing/sid users at the moment, hence RC severity. Installing the apparmor package is enough to fix the problem. This happens because the system_tor profile is not loaded in the kernel yet. There's an ongoing discussion about "how to get the apparmor package installed everywhere relevant"; depending on the outcome of this discussion, we may get a fix for this bug for free, but I don't think we should block on this discussion for fixing the matter at hand. So I propose we do this: --- a/debian/systemd/tor@default.service +++ b/debian/systemd/tor@default.service @@ -20,7 +20,7 @@ Restart=on-failure LimitNOFILE=65536 # Hardening -AppArmorProfile=system_tor +AppArmorProfile=-system_tor NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes This should avoid breaking the startup of the unit in case of such problems with the AppArmor profile. Weasel, what do you think? Cheers, -- intrigeri
--- End Message ---
--- Begin Message ---Source: tor Source-Version: 0.3.1.8-2 We believe that the bug you reported is fixed in the latest version of tor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Peter Palfrader <wea...@debian.org> (supplier of updated tor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 02 Nov 2017 21:31:27 +0100 Source: tor Binary: tor tor-geoipdb Architecture: source Version: 0.3.1.8-2 Distribution: unstable Urgency: medium Maintainer: Peter Palfrader <wea...@debian.org> Changed-By: Peter Palfrader <wea...@debian.org> Description: tor - anonymizing overlay network for TCP tor-geoipdb - GeoIP database for Tor Closes: 880490 Changes: tor (0.3.1.8-2) unstable; urgency=medium . * Recent linux packages in Debian have enabled the apparmor Linux-Security-Module by default. Therefore, users are likely to have apparmor support not only built into their kernel but also actively enabled at runtime. Unfortunately, without the apparmor package being installed, systemd's AppArmorProfile= service setting will cause the unit to fail to start. . Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor, causing all errors while switching to the new apparmor profile to be ignored. This is not ideal, but for now it's probably the best solution. . Thanks to intrigeri; closes: #880490. Checksums-Sha1: 783c84e200052e17407f25ad134bf47cfc771d25 1800 tor_0.3.1.8-2.dsc 100cdcc9318ef77bdfc73131f45843d3a8b6fcb7 6073611 tor_0.3.1.8.orig.tar.gz fa750a5ba81715d357f65f1b9f8353aabeaf3bcb 48040 tor_0.3.1.8-2.diff.gz Checksums-Sha256: 16c3804262007f05129e9259fcc691aedafcf972eabd976158a2e840610384c8 1800 tor_0.3.1.8-2.dsc 7df6298860a59f410ff8829cf7905a50c8b3a9094d51a8553603b401e4b5b1a1 6073611 tor_0.3.1.8.orig.tar.gz faea1dbc0c862ae3966618ce35ee53fdb792743e983d2a8d48e0462b98224f7a 48040 tor_0.3.1.8-2.diff.gz Files: a4642ae5577eea80b3672b49bbc1c8c6 1800 net optional tor_0.3.1.8-2.dsc d04334a15527f9391a46d5ebf3d34782 6073611 net optional tor_0.3.1.8.orig.tar.gz 7e481d09d1a2a5767112dd66ed3fb67b 48040 net optional tor_0.3.1.8-2.diff.gz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEs4PXhajJL968BgN2hgLIIDhyMx8FAln7iG0ACgkQhgLIIDhy Mx/43Qf9GcInTjtKRsboViV2LL6Zr9yrN9w0ucTMl2ciG+/vej88WBRnFi7C9S0s +N9WMTJ0p0P75UykbC8IHxbBlLLMhkGHenUiVLkU4TL7TA0IFEwSU21hcxnY+SRZ qG7wSgVjaPxS5BHHum4h+34XPFQEOG1T1NURLgPYjLzn7TGI2WhF0hBgOmBIbKxf Le2SR5uB4csLPeR/GHxcZZicmjMIBaYew6QyQjNr16Og6xkf2WSjDJWXiwLbx0Rm AqdH8+PkDYxrRZ+EDgcCr89QPMaMwTyLBPzyoUUtpxsYwCIHsmAqoJqTaE7FkWFI 5wDe4p0fAzqYhb/zcLzT51Uvn8P4fg== =qfcf -----END PGP SIGNATURE-----
--- End Message ---
