tor debian package installs apparmor profile ineffectively

The Tor package for Debian (0.2.3.25-1) installs an AppArmor profile in /etc/apparmor.d/system_tor . This is the correct filename under Ubuntu Upstart, but incorrect under Debian.

Under Debian, the file must be named /etc/apparmor.d/usr.sbin.tor , or alternatively usr.sbin.tor may be a symlink to system_tor .

The symptom of this bug is that the profile is loaded but not applied to the running binary:

dmesg | grep -i apparmor

[ 0.004000] AppArmor: AppArmor initialized [ 0.030864] AppArmor: AppArmor Filesystem Enabled [ 13.402898] type=1400 audit(1369748668.187:2): apparmor="STATUS" operation="profile_load" name="system_tor" pid=1448 comm="apparmor_parser"

ps auxwww | grep tor

102 1672 0.4 0.8 48484 17576 ? S 13:44 0:00 /usr/sbin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --hush

aa-status

AppArmor available in kernel. 1 profiles are loaded. 1 profiles are in enforce mode. system_tor 0 profiles are in complain mode. 0 processes have profiles defined. 0 processes are in enforce mode. <<<<<<<< !!! 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information