[apparmor] Fwd: Re: [pkg-apparmor] aa-unconfined shows tor as being unconfined, aa-status says different

u u at 451f.org
Mon Feb 2 10:22:27 UTC 2015


Hi,

(Cc:ed Peter Palfrader (weasel), who maintains tor in Debian and the
Debian AppArmor Packaging Team.)

While playing around with `aa-unconfined` I saw that /usr/bin/tor is
marked as not being confined.

In Debian, `tor` comes with an apparmor profile which is called
"system_tor" and lives in /etc/apparmor.d.

`aa-unconfined` seems to ignore this, but `aa-status` tells me that the
`system_tor` profile is well active.

Do I need to worry about the tor process not being confined?

Asked differently, do profiles need to be named a certain way (e.g.
`usr/bin/something`) to be taken into account by `aa-unconfined`?

How do other distributions handle this particular profile?

As intrigeri says [1], one of these tools might be buggy.

Cheers,
Ulrike

[1]
http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/2015-February/000386.html
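
Added example, not part of the original message: the kernel exposes each task's AppArmor label in /proc/<pid>/attr/current, so whether a process is confined can be read directly, whatever the profile is called. `classify_label` and `report_by_name` are hypothetical helper names, and the labels in the comments are constructed samples.

```shell
#!/bin/sh
# Report the AppArmor label the kernel has attached to running processes,
# independent of how the profile is named or where its file lives.

# Turn the content of /proc/<pid>/attr/current into a short verdict.
# Confined tasks read "<profile> (<mode>)", e.g. "system_tor (enforce)"
# (constructed sample); unconfined tasks read "unconfined".
classify_label() {
    l=$1
    case $l in
        '')
            # Label unreadable: AppArmor disabled, process gone, or no access.
            echo "unknown" ;;
        unconfined)
            echo "unconfined" ;;
        *' ('*')')
            profile=${l%" ("*}      # strip the trailing " (<mode>)"
            mode=${l##*" ("}        # keep what follows the last " ("
            mode=${mode%")"}        # drop the closing parenthesis
            echo "confined profile=$profile mode=$mode" ;;
        *)
            echo "confined profile=$l mode=unknown" ;;
    esac
}

# Print "<pid> <verdict>" for every process whose name is exactly $1.
# Reading the label of another user's process may require root.
report_by_name() {
    for pid in $(pgrep -x "$1" 2>/dev/null); do
        label=$(cat "/proc/$pid/attr/current" 2>/dev/null)
        echo "$pid $(classify_label "$label")"
    done
}

# Usage: sh check-label.sh tor
if [ "$#" -gt 0 ]; then
    report_by_name "$1"
fi
```

A line such as `<pid> confined profile=system_tor mode=enforce` means the running process carries that profile in enforce mode.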



