Ubuntu and obfs4proxy: Operation not permitted

Ever since I installed Ubuntu Wily (and I suspect the same will apply to the recent 16.04 Xenial) I couldn’t run Tor through an obfs bridge (which I run).

The problem, quite common according to Google, is:

[warn] Could not launch managed proxy executable at '/usr/bin/obfs4proxy' ('Operation not permitted').

But I didn’t really need it that badly, so I didn’t care much for a long time…

Lately I had a few minutes, so I managed to dig into it a little bit more, which led me to Ubuntu bug #1568435, stating the culprit is (the not really beloved, at least by me) AppArmor. According to comment #6 the change is just one line, but it didn’t suffice for me; I still had an error (maybe because I’m not using the Ubuntu-packaged Tor but

apparmor="DENIED" operation="open" profile="system_tor" name="/proc/sys/net/core/somaxconn" pid=6140 comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=121 ouid=0

So it needed access to another /proc file. And finally here’s my working /etc/apparmor.d/abstractions/tor:

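# vim:syntax=apparmor

#include <abstractions/base>
#include <abstractions/nameservice>

network tcp,
network udp,

capability chown,
capability dac_override,
capability fowner,
capability fsetid,
capability setgid,
capability setuid,

/usr/bin/tor r,
/usr/sbin/tor r,

/proc/sys/kernel/random/uuid r,
# read by obfs4proxy; this is the path from the DENIED log line above
/proc/sys/net/core/somaxconn r,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/** r,

/etc/tor/* r,
/usr/share/tor/** r,

# ix: obfs4proxy runs under this same profile (inherit).
# The commented-out PUx would use obfs4proxy's own profile if one exists,
# and run it unconfined otherwise.
# /usr/bin/obfs4proxy PUx,
/usr/bin/obfs4proxy ix,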

And just in case the relevant part of /etc/tor/torrc:

UseBridges 1
ClientTransportPlugin obfs3 exec /usr/bin/obfs4proxy
Bridge obfs3 
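
The debugging step used above (read the apparmor="DENIED" line, then add the matching file rule to the profile) can be scripted. The following is an added example, not part of the original post: the names `parse_fields`, `suggest_rules` and `SAMPLE_LOG` are made up for it, and only the first sample log line comes from the post, the other two are constructed.

```python
import re
from collections import defaultdict

# Line 1 is the denial quoted in the post. Lines 2 and 3 are constructed:
# an ALLOWED event (must be ignored) and a denial with a hex-encoded name.
SAMPLE_LOG = '''\
apparmor="DENIED" operation="open" profile="system_tor" name="/proc/sys/net/core/somaxconn" pid=6140 comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=121 ouid=0
apparmor="ALLOWED" operation="open" profile="system_tor" name="/etc/tor/torrc" pid=6139 comm="tor" requested_mask="r" denied_mask="r" fsuid=121 ouid=0
apparmor="DENIED" operation="open" profile="system_tor" name=2F746D702F6120622E6C6F67 pid=6140 comm="obfs4proxy" requested_mask="w" denied_mask="w" fsuid=121 ouid=121
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log-only masks: create (c) and delete (d) are covered by "w" in a profile.
LOG_TO_PROFILE = {"c": "w", "d": "w"}

def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict."""
    fields = {}
    for m in FIELD.finditer(line):
        key, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        # Names with spaces or special characters are logged unquoted, as hex.
        if key == "name" and quoted is None and re.fullmatch(r"(?:[0-9A-F]{2})+", bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = value
    return fields

def suggest_rules(log_text):
    """Map each profile name to a sorted list of file rules covering its denials."""
    perms = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or "name" not in f:
            continue
        for ch in f.get("denied_mask", ""):
            if ch != "x":  # exec needs a deliberate mode (ix, Px, ...): decide by hand
                perms[f.get("profile", "?")][f["name"]].add(LOG_TO_PROFILE.get(ch, ch))
    return {
        profile: ['{} {},'.format('"%s"' % p if " " in p else p, "".join(sorted(mask)))
                  for p, mask in sorted(paths.items())]
        for profile, paths in perms.items()
    }

if __name__ == "__main__":
    for profile, rules in suggest_rules(SAMPLE_LOG).items():
        print("# profile", profile)
        print("\n".join("  " + r for r in rules))
```

Treat the output as candidates to review, not as lines to paste blindly: each rule widens what the confined process may touch, so add only the paths the program legitimately needs.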