summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsegfault <segfault@riseup.net>2020-04-15 16:45:14 +0200
committersegfault <segfault@riseup.net>2020-04-15 16:52:50 +0200
commit21d708eb027a1bdeb5be4b5365d029625a67f9bf (patch)
treea4d24556f9865c628c791a977834c2cc49336a95
parentf3851d728bfcd000700da449f22c98f6dd65c9a2 (diff)
Allow root to connect to Tor's SOCKSPort (refs: #17278)wip/bugfix/17278-fix-additional-software
This fixes an issue which occurs when partial APT lists are present in /var/lib/apt/lists/partial which are owned by root instead of the _apt user, which causes APT to run as root rather than _apt, therefore failing to connect when it's not allowed to connect to the SOCKS port.
-rw-r--r--config/chroot_local-includes/etc/ferm/ferm.conf1
1 files changed, 1 insertions, 0 deletions
diff --git a/config/chroot_local-includes/etc/ferm/ferm.conf b/config/chroot_local-includes/etc/ferm/ferm.conf
index e8edef0..81834fd 100644
--- a/config/chroot_local-includes/etc/ferm/ferm.conf
+++ b/config/chroot_local-includes/etc/ferm/ferm.conf
@@ -36,6 +36,7 @@ domain ip {
mod owner uid-owner _apt ACCEPT;
mod owner uid-owner proxy ACCEPT;
mod owner uid-owner nobody ACCEPT;
+ mod owner uid-owner root ACCEPT;
}
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (9050 9062 9150) {
mod owner uid-owner $amnesia_uid ACCEPT;