fix tor-controlport-filter AppArmor profile
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Patrick
	Dec 24 2016, 6:53 PM

Tags

Referenced Files

None

Subscribers

• WhonixQubes

Description

Since we ported to tor-controlport-filter it needs to be renamed and fixed.

https://github.com/Whonix/control-port-filter-python/blob/master/etc/apparmor.d/usr.sbin.cpfpd

Details

Impact: Normal

Event Timeline

Patrick created this task.Dec 24 2016, 6:53 PM

Herald added a project: Whonix. · View Herald TranscriptDec 24 2016, 6:53 PM

Herald added a subscriber: • WhonixQubes. · View Herald Transcript

Renaming done
https://github.com/joysn/control-port-filter-python/tree/master/etc/apparmor.d
https://github.com/joysn/control-port-filter-python/commit/3685f36aecea638ba2fb73d7daa31423fd396e4e

Changes to the security profile
https://github.com/joysn/control-port-filter-python/blob/master/etc/apparmor.d/usr.lib.tor-controlport-filter
https://github.com/joysn/control-port-filter-python/commit/34070b35c91b7262697dbefec3944b496d0da18d#diff-3aea4b328b5988f1301b6b1ad4d79359

The changes done in this merge should be harmless (more of a grep and replace), the obvious ones. Tested and nothing broke with these changes.
More changes (stricter profile) may be required after more testing.

Nice! Tested and merged.

Btw, please also consider...

sudo apt-get install apparmor-notify

and/or

grep -i denied /var/log/syslog