Hi Laurent,

Laurent Bigonville:
> My 2¢ here. Why is AppArmorProfile even needed here? Shouldn't apparmor
> figure out itself that it needs to migrate to the system_tor domain(?)?

Good question, glad you're asking! :)

It's technically doable to have an AppArmor profile that will be
applied to any /usr/bin/tor process automatically. This is actually
how AppArmor is used in the overwhelming majority of cases. But tor is
special in that it is commonly run in different ways:

 - as a system service (instances of tor@.service)
 - run directly by users, which is not so uncommon a use case here

It's not feasible to have a single AppArmor profile cover both cases:
we know what paths the system service will access 99% of the time,
but we cannot possibly guess how a tor run by the user manually
is configured.

IIRC this is why weasel chose this implementation and I fully concur.

Cheers,
-- 
intrigeri
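
The two attachment styles contrasted in the message above, as an added sketch that is not part of the original e-mail and not the Debian package's actual profile. `system_tor`, `/usr/bin/tor`, `tor@.service` and `AppArmorProfile` come from the thread; the profile name `tor_attached` and every file rule are constructed for illustration.

```apparmor
#include <tunables/global>

# (a) Path-attached profile: the usual AppArmor pattern.
# The kernel applies it to EVERY exec of /usr/bin/tor, so a tor started
# by hand with its own torrc and data directory is confined by rules
# written for the system service and is denied access to its own files.
# "tor_attached" is a hypothetical name.
profile tor_attached /usr/bin/tor {
  #include <abstractions/base>

  # Illustrative rules only: paths a packaged service might use.
  /etc/tor/** r,
  /var/lib/tor/** rwk,
}

# (b) Named profile with no attachment path.
# Nothing is confined by it automatically. A process enters it only when
# something asks for it explicitly, so a user-run /usr/bin/tor is left
# alone while the service instances are confined.
profile system_tor {
  #include <abstractions/base>

  # Illustrative rules only, same assumption as above.
  /etc/tor/** r,
  /var/lib/tor/** rwk,
}

# The explicit request for (b) lives in the systemd unit, which is why
# the directive is needed in tor@.service:
#
#   [Service]
#   AppArmorProfile=system_tor
```

On a running host, `aa-status` or `/proc/<pid>/attr/current` shows which profile, if any, a given tor process ended up in.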
