Control: tag -1 + moreinfo Hi,
Jason J. Ayala P.: > I was debugging why obfs4proxy was failing to load in Debian 9 (Whonix 14 > developers), > without any helpful error messages in the log. I notice that if I changed the > AA execution > permissions in abstractions/tor for obfsproxy to ix instead of PUx, > it loads. Do you mean obfs4proxy (rather than obfsproxy) i.e.: - /usr/bin/obfs4proxy PUx, + /usr/bin/obfs4proxy ix, ? Do you have any AppArmor policy enabled for obfs4proxy? (use aa-status) Please also try to see if environment variable scrubbing is involved (with NoNewPrivileges=yes): - /usr/bin/obfs4proxy PUx, + /usr/bin/obfs4proxy Pux, But don't ship that to users please. And finally, please also try this (with NoNewPrivileges=yes): - /usr/bin/obfs4proxy PUx, + /usr/bin/obfs4proxy Pix, And: - /usr/bin/obfs4proxy PUx, + /usr/bin/obfs4proxy pix, Full disclosure: I've just noticed that we've been setting NoNewPrivileges=no in Tails for a year to fix this very problem, but apparently I totally failed at reporting this upstream back then. Sorry! :( Cheers, -- intrigeri
