Project

General

Profile

Bug #14603

Remove custom apparmor profile for tor

Added by groente 6 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Infrastructure
Target version:
Start date:
09/05/2017
Due date:
% Done:

100%

QA Check:
Info Needed
Feature Branch:
Type of work:
Sysadmin
Blueprint:
Starter:
Affected tool:

Description

We currently maintain a custom apparmor profile for tor, let's see if we can get rid of that and use debian defaults instead.


Related issues

Related to Tails - Feature #13581: Update AppArmor profile for tor/obfs4proxy Resolved 08/04/2017
Blocks Tails - Feature #13242: Core work 2017Q4 → 2018Q1: Sysadmin (Maintain our already existing services) Confirmed 06/29/2017

History

#1 Updated by intrigeri 6 months ago

  • Related to Feature #13581: Update AppArmor profile for tor/obfs4proxy added

#2 Updated by groente 6 months ago

  • Blocks Feature #13242: Core work 2017Q4 → 2018Q1: Sysadmin (Maintain our already existing services) added

#3 Updated by groente 6 months ago

  • Status changed from New to Confirmed

#4 Updated by anonym 3 months ago

  • Target version changed from Tails_3.3 to Tails_3.5

#5 Updated by groente about 2 months ago

  • Assignee changed from groente to intrigeri
  • QA Check set to Info Needed

completely removing the modules/site_tor directory from puppet-lizard-manifests and pinning the tor package to backports should do the trick here, no?

#6 Updated by intrigeri about 2 months ago

  • Assignee changed from intrigeri to groente

completely removing the modules/site_tor directory from puppet-lizard-manifests and pinning the tor package to backports should do the trick here, no?

Sorry, I lack the background info here and retrieving it all myself into my hot cache would basically take me 99% of the time I would need if I was tackling this ticket myself, which would be a problem. So I'll need you to help me help you :)

I see that our custom abstractions/tor is functionally equivalent to what I have on my sid with tor 0.3.2.8-rc-1.

We already install tor from deb.torproject.org, at least on bridge.lizard where this stuff matters. Why would we need the version from backports?

Hint: apt-cache madison tor, rmadison tor, apt-cache policy tor :)

#7 Updated by groente about 2 months ago

  • Assignee changed from groente to intrigeri

aah, i checked the debian packages of tor and the relevant changes were in stretch-backports, but not in stretch. the package from torproject looks good, though, so no need for backports.

with that in mind, just removing the site_tor directory should suffice, no?

#8 Updated by intrigeri about 2 months ago

  • Assignee changed from intrigeri to groente

with that in mind, just removing the site_tor directory should suffice, no?

I guess so. Then reload the profile apparmor_parser -r /etc/apparmor.d/system_tor and restart the to apply and make sure it still works.

#9 Updated by groente about 2 months ago

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100

it still works.

Also available in: Atom PDF