highperfocused/raspiblitz
1
0
Fork 0
mirror of https://github.com/raspiblitz/raspiblitz.git synced 2025-11-19 02:22:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

[x86] correct apparmor.d/system_tor (#2876)

Browse Source
This commit is contained in:
openoms
2022-01-10 18:02:29 +00:00
committed by GitHub
parent 17524cfb10
commit a72fad3607
2 changed files with 44 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
alternative.platforms/amd64/packer/scripts/init.sh
View File

@@ -22,9 +22,3 @@ wget --no-check-certificate \
-O /home/vagrant/.ssh/authorized_keys -O /home/vagrant/.ssh/authorized_keys
chmod 0600 /home/vagrant/.ssh/authorized_keys chmod 0600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant /home/vagrant/.ssh chown -R vagrant /home/vagrant/.ssh
# disable apparmor - tor will not work with raspiblitz customization
mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' \
| tee /etc/default/grub.d/apparmor.cfg
update-grub

40
home.admin/config.scripts/tor.install.sh
View File

@@ -215,10 +215,48 @@ if [ "${action}" = "enable" ]; then
After=network.target nss-lookup.target mnt-hdd.mount After=network.target nss-lookup.target mnt-hdd.mount
" | sudo tee /etc/systemd/system/tor@default.service.d/raspiblitz.conf " | sudo tee /etc/systemd/system/tor@default.service.d/raspiblitz.conf
# fix apparmor - https://github.com/rootzoll/raspiblitz/issues/2531
if [ $(systemctl --type=service | grep -c apparmor) -gt 0 ]; then
echo "- add custom directories to apparmor"
echo "\
# vim:syntax=apparmor
#include <tunables/global>
profile system_tor flags=(attach_disconnected) {
#include <abstractions/tor>
owner /var/lib/tor/** rwk,
owner /var/lib/tor/ r,
owner /var/log/tor/* w,
owner ${tor_data_dir}/** rwk,
owner ${tor_data_dir}/ r,
owner ${tor_conf_dir}/** rwk,
# During startup, tor (as root) tries to open various things such as
# directories via check_private_dir(). Let it.
/var/lib/tor/** r,
${tor_data_dir}/** r,
${tor_conf_dir}/** r,
/{,var/}run/tor/ r,
/{,var/}run/tor/control w,
/{,var/}run/tor/socks w,
/{,var/}run/tor/tor.pid w,
/{,var/}run/tor/control.authcookie w,
/{,var/}run/tor/control.authcookie.tmp rw,
/{,var/}run/systemd/notify w,
# Site-specific additions and overrides. See local/README for details.
#include <local/system_tor>
}" | sudo tee /etc/apparmor.d/system_tor
sudo systemctl restart apparmor
fi
# enable tor services # enable tor services
sudo systemctl unmask tor@default sudo systemctl unmask tor@default
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl enable --now tor@ tor@service sudo systemctl enable --now tor@service
sudo systemctl restart tor@default sudo systemctl restart tor@default
echo echo